Malware Analysis Report

2025-06-15 20:35

Sample ID 240509-bw2r4aah9z
Target light.exe
SHA256 799b31e4431401379cd909fbc8825f27e8a1c7172843a755a623257dd003fdce
Tags
pyinstaller evasion trojan
score
7/10

Analysis Overview

score
7/10

SHA256

799b31e4431401379cd909fbc8825f27e8a1c7172843a755a623257dd003fdce

Threat Level: Shows suspicious behavior

The file light.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

pyinstaller evasion trojan

Checks computer location settings

Loads dropped DLL

Executes dropped EXE

Checks whether UAC is enabled

Enumerates physical storage devices

Detects Pyinstaller

Unsigned PE

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Modifies registry class

Checks processor information in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-09 01:32

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-09 01:30

Reported

2024-05-09 01:41

Platform

win10-20240404-en

Max time kernel

186s

Max time network

311s

Command Line

"C:\Users\Admin\AppData\Local\Temp\light.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19762\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\light.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1976 wrote to memory of 2380 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Users\Admin\AppData\Local\Temp\light.exe
PID 2380 wrote to memory of 4440 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Windows\system32\cmd.exe
PID 2380 wrote to memory of 4044 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Windows\system32\cmd.exe
PID 4440 wrote to memory of 1352 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 2380 wrote to memory of 4868 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Users\Admin\AppData\Local\Temp\_MEI19762\geckodriver.exe
PID 4868 wrote to memory of 4592 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19762\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe
PID 4592 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe
PID 2516 wrote to memory of 1812 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\light.exe

"C:\Users\Admin\AppData\Local\Temp\light.exe"

C:\Users\Admin\AppData\Local\Temp\light.exe

"C:\Users\Admin\AppData\Local\Temp\light.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI19762\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI19762\geckodriver.exe --port 50051 --websocket-port 50052

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50052 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileLB2w0J

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50052 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileLB2w0J

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2516.0.1978883946\1477600071" -parentBuildID 20240416150000 -prefsHandle 1472 -prefMapHandle 1456 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\browser" - {84217fe8-8d1e-4b3a-838f-74fd02978ab3} 2516 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2516.1.1579558398\1203088826" -childID 1 -isForBrowser -prefsHandle 2456 -prefMapHandle 2376 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1096 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\browser" - {509baf51-3f7b-4154-b01e-6c9633cb0078} 2516 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2516.2.375397294\189240167" -childID 2 -isForBrowser -prefsHandle 2948 -prefMapHandle 2944 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1096 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\browser" - {b387a5b4-5bd5-4e9e-b3e7-0170cc61657e} 2516 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2516.3.1516548609\934166022" -childID 3 -isForBrowser -prefsHandle 2960 -prefMapHandle 3076 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1096 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\browser" - {ee8ba0bc-a6d4-4577-a591-ad0300edc5c4} 2516 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2516.4.1826533979\156233847" -childID 4 -isForBrowser -prefsHandle 3680 -prefMapHandle 3676 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1096 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\browser" - {8403401a-bb50-4891-ba0f-e4bd42e9a60b} 2516 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2516.5.1062894965\1723668105" -childID 5 -isForBrowser -prefsHandle 3732 -prefMapHandle 3736 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1096 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\browser" - {6fae97c7-7d6d-4758-8588-3622decf87ee} 2516 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2516.6.20248427\2126024151" -childID 6 -isForBrowser -prefsHandle 3916 -prefMapHandle 3920 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1096 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\browser" - {c42b9e9b-65d4-47b7-a4c8-2334dfe536f5} 2516 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19762\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI19762\geckodriver.exe --port 50051 --websocket-port 50052

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50052 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3o6n1J

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50052 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3o6n1J

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe" -contentproc --channel="3384.0.1094223813\1360498917" -parentBuildID 20240416150000 -prefsHandle 1492 -prefMapHandle 1480 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\browser" - {5a01b83f-2a90-4884-ab59-ea4f9144a209} 3384 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe" -contentproc --channel="3384.1.810573961\956603022" -childID 1 -isForBrowser -prefsHandle 2732 -prefMapHandle 2748 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\browser" - {f94f6c68-9f1b-4601-97d2-d4eb722bdebe} 3384 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe" -contentproc --channel="3384.2.814903677\73611586" -childID 2 -isForBrowser -prefsHandle 3000 -prefMapHandle 2996 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\browser" - {a0725b59-c506-4e05-900d-a672b57420e2} 3384 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe" -contentproc --channel="3384.3.2105694048\1380030424" -childID 3 -isForBrowser -prefsHandle 3064 -prefMapHandle 3052 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\browser" - {30d792ec-c231-467a-9be9-a393d6d8e51c} 3384 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe" -contentproc --channel="3384.4.170187961\1543526193" -childID 4 -isForBrowser -prefsHandle 3524 -prefMapHandle 3164 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\browser" - {dd86a368-9cc6-403b-afa0-ab817d42aeba} 3384 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe" -contentproc --channel="3384.5.760456095\904597258" -childID 5 -isForBrowser -prefsHandle 3284 -prefMapHandle 3280 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\browser" - {f064f787-d3a4-4420-9f12-8a1da13e5355} 3384 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe" -contentproc --channel="3384.6.1223123463\1093757169" -childID 6 -isForBrowser -prefsHandle 2976 -prefMapHandle 3092 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\browser" - {35edec4d-2454-4fc9-8bfc-b5c7e1f7ac0e} 3384 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19762\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI19762\geckodriver.exe --port 50051 --websocket-port 50052

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50052 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNloi1L

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50052 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNloi1L

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2072.0.180809771\1063516729" -parentBuildID 20240416150000 -prefsHandle 1464 -prefMapHandle 1440 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\browser" - {d25b9991-794b-4e73-983e-b58f42390dd0} 2072 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2072.1.301381260\747382199" -childID 1 -isForBrowser -prefsHandle 2472 -prefMapHandle 2312 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\browser" - {75f77ab4-abcd-4aaa-9a73-a3b70f1e229e} 2072 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2072.2.975620780\73970818" -childID 2 -isForBrowser -prefsHandle 2944 -prefMapHandle 2940 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\browser" - {46254d80-b830-4639-8cef-0fff7f9c4711} 2072 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2072.3.1235493657\2970781" -childID 3 -isForBrowser -prefsHandle 3048 -prefMapHandle 2988 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\browser" - {9d300d4c-af21-4e15-8b40-dea867599cfd} 2072 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2072.4.228886267\1234082172" -childID 4 -isForBrowser -prefsHandle 3368 -prefMapHandle 3024 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\browser" - {ba0ded86-a997-484e-9004-dfc57eb050b8} 2072 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2072.5.692593999\1301114290" -childID 5 -isForBrowser -prefsHandle 3680 -prefMapHandle 3676 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\browser" - {5e28f812-0de7-4e64-b548-06409d2e5b85} 2072 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2072.6.941949839\39855420" -childID 6 -isForBrowser -prefsHandle 3480 -prefMapHandle 3492 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\browser" - {0738e92a-18b4-4bd7-94f5-937519d63ec1} 2072 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19762\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI19762\geckodriver.exe --port 50051 --websocket-port 50052

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50052 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileoKVkc1

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50052 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileoKVkc1

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4532.0.1426856163\1686722700" -parentBuildID 20240416150000 -prefsHandle 1464 -prefMapHandle 1364 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\browser" - {155bc2b6-801d-4a98-9d44-fdd35b11a074} 4532 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4532.1.1121965077\755178786" -childID 1 -isForBrowser -prefsHandle 2500 -prefMapHandle 2392 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\browser" - {0e2b1a57-629d-4bb9-a4b4-db5254ad1196} 4532 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4532.2.841721\503289029" -childID 2 -isForBrowser -prefsHandle 2936 -prefMapHandle 2932 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\browser" - {e0faa4c8-2488-4f18-b883-c2bd52a4aa2c} 4532 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4532.3.1877297479\814960037" -childID 3 -isForBrowser -prefsHandle 3004 -prefMapHandle 3008 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\browser" - {4cec4488-62e2-4d9a-a05e-c15fa3386d73} 4532 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4532.4.549798390\1958419025" -childID 4 -isForBrowser -prefsHandle 3676 -prefMapHandle 2984 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\browser" - {6b6080d9-a1fe-4afc-a3d2-7100b961cc6c} 4532 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4532.5.1863122591\1910075917" -childID 5 -isForBrowser -prefsHandle 3732 -prefMapHandle 3024 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\browser" - {6c56758a-fadb-4b84-b181-bc74cefc9c55} 4532 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4532.6.1859980045\1998206942" -childID 6 -isForBrowser -prefsHandle 3324 -prefMapHandle 3328 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\browser" - {de54255b-bfff-4fe9-b52f-1c3c92464cb6} 4532 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4532.7.877159729\1699323257" -childID 7 -isForBrowser -prefsHandle 4152 -prefMapHandle 4336 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\browser" - {74dc501d-42b9-4a16-9b9b-86ecc94c002d} 4532 tab

Network

Files

\Users\Admin\AppData\Local\Temp\_MEI19762\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI19762\_ssl.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI19762\_socket.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI19762\_queue.pyd

\Users\Admin\AppData\Local\Temp\_MEI19762\libcrypto-1_1.dll

\Users\Admin\AppData\Local\Temp\_MEI19762\_hashlib.pyd

\Users\Admin\AppData\Local\Temp\_MEI19762\libssl-1_1.dll

\Users\Admin\AppData\Local\Temp\_MEI19762\select.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI19762\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI19762\top-1m.csv

C:\Users\Admin\AppData\Local\Temp\_MEI19762\pyexpat.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI19762\nss3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI19762\mozglue.dll

C:\Users\Admin\AppData\Local\Temp\_MEI19762\mozavutil.dll

C:\Users\Admin\AppData\Local\Temp\_MEI19762\lgpllibs.dll

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

C:\Users\Admin\AppData\Local\Temp\tmpvfw24drn\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\TorBrowser\Tor\tor.exe

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

C:\Users\Admin\AppData\Local\Temp\_MEI19762\geckodriver.exe

\Users\Admin\AppData\Local\Temp\_MEI19762\_lzma.pyd

\Users\Admin\AppData\Local\Temp\_MEI19762\_bz2.pyd

\Users\Admin\AppData\Local\Temp\_MEI19762\libffi-7.dll

C:\Users\Admin\AppData\Local\Temp\_MEI19762\base_library.zip

\Users\Admin\AppData\Local\Temp\_MEI19762\VCRUNTIME140.dll

\Users\Admin\AppData\Local\Temp\_MEI19762\python38.dll

C:\Users\Admin\AppData\Local\Temp\_MEI19762\Tor Browser\Browser\firefox.exe

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileLB2w0J\prefs.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileLB2w0J\extensions.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileLB2w0J\prefs.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileLB2w0J\prefs-1.js

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileLB2w0J\prefs-1.js

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileLB2w0J\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3o6n1J\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3o6n1J\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3o6n1J\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3o6n1J\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3o6n1J\xulstore.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3o6n1J\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3o6n1J\startupCache\webext.sc.lz4

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3o6n1J\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNloi1L\user.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNloi1L\prefs-1.js

memory/2072-1072-0x000001FF49FF0000-0x000001FF4A000000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNloi1L\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNloi1L\sessionCheckpoints.json.tmp

memory/2072-1161-0x000001FF3EBB0000-0x000001FF3ED20000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNloi1L\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNloi1L\startupCache\scriptCache-child-new.bin

memory/4532-1306-0x0000022492A90000-0x0000022492AA0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileoKVkc1\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileoKVkc1\broadcast-listeners.json

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-09 01:30

Reported

2024-05-09 01:41

Platform

win10-20240404-en

Max time kernel

299s

Max time network

306s

Command Line

"C:\Users\Admin\AppData\Local\Temp\light.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\light.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser\Browser\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser\Browser\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser\Browser\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3728 wrote to memory of 4164 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Users\Admin\AppData\Local\Temp\light.exe
PID 4164 wrote to memory of 3596 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Windows\system32\cmd.exe
PID 4164 wrote to memory of 4328 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Windows\system32\cmd.exe
PID 3596 wrote to memory of 592 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 4164 wrote to memory of 1948 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Users\Admin\AppData\Local\Temp\_MEI37282\geckodriver.exe
PID 1948 wrote to memory of 2508 N/A C:\Users\Admin\AppData\Local\Temp\_MEI37282\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser\Browser\firefox.exe
PID 2508 wrote to memory of 1412 N/A C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser\Browser\firefox.exe
PID 1412 wrote to memory of 1584 N/A C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\light.exe

"C:\Users\Admin\AppData\Local\Temp\light.exe"

C:\Users\Admin\AppData\Local\Temp\light.exe

"C:\Users\Admin\AppData\Local\Temp\light.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI37282\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI37282\geckodriver.exe --port 50042 --websocket-port 50043

C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50043 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecWYbeN

C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50043 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecWYbeN

C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1412.0.714086532\687068584" -parentBuildID 20240416150000 -prefsHandle 1440 -prefMapHandle 1428 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser\Browser\browser" - {81d153c9-5c53-467f-a91c-b9198fdbb44e} 1412 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1412.1.697972716\197958943" -childID 1 -isForBrowser -prefsHandle 2440 -prefMapHandle 2176 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1052 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser\Browser\browser" - {5808dc26-45bd-4a01-9b76-947a24834079} 1412 tab

C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1412.2.435752284\1936358388" -childID 2 -isForBrowser -prefsHandle 1364 -prefMapHandle 1360 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1052 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser\Browser\browser" - {e1f388eb-c0e2-4437-8487-a811639a1b9c} 1412 tab

C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1412.3.1959823505\134282806" -childID 3 -isForBrowser -prefsHandle 3032 -prefMapHandle 3016 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1052 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser\Browser\browser" - {a19fe6db-ac70-4384-beee-f0353433a154} 1412 tab

C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1412.4.90676331\1556947922" -childID 4 -isForBrowser -prefsHandle 3516 -prefMapHandle 3520 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1052 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser\Browser\browser" - {62b047df-22aa-4a86-9f61-0966c80cb5c0} 1412 tab

C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1412.5.73660281\678344630" -childID 5 -isForBrowser -prefsHandle 3916 -prefMapHandle 3828 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1052 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser\Browser\browser" - {18faa5fe-6e4c-4e62-a686-12ea0b0abf62} 1412 tab

C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1412.6.1757564807\591221719" -childID 6 -isForBrowser -prefsHandle 3140 -prefMapHandle 3356 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1052 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser\Browser\browser" - {2b2512aa-b344-4e60-b850-0ee4b9e09801} 1412 tab

C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1412.7.907131438\820414291" -childID 7 -isForBrowser -prefsHandle 4236 -prefMapHandle 4240 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 1052 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser\Browser\browser" - {b9d50fec-ebb5-4ac6-bb3e-8ee136eab333} 1412 tab

C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1412.8.630408932\779825408" -parentBuildID 20240416150000 -prefsHandle 8500 -prefMapHandle 8504 -prefsLen 27764 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser\Browser\browser" - {afd42792-52c6-4ae9-9f0f-b8c1423bfb96} 1412 rdd

C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1412.9.2147128007\1416768481" -parentBuildID 20240416150000 -sandboxingKind 1 -prefsHandle 8464 -prefMapHandle 8496 -prefsLen 27764 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI37282\Tor Browser\Browser\browser" - {a9858936-c02d-4f23-bc99-e9303cd91d29} 1412 utility

Network


Files


Analysis: behavioral3

Detonation Overview

Submitted

2024-05-09 01:30

Reported

2024-05-09 01:41

Platform

win7-20240215-en

Max time kernel

299s

Max time network

305s

Command Line

"C:\Users\Admin\AppData\Local\Temp\light.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI22002\geckodriver.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI22002\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI22002\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\light.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\light.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI22002\geckodriver.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2200 wrote to memory of 2404 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Users\Admin\AppData\Local\Temp\light.exe
PID 2404 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Windows\system32\cmd.exe
PID 2404 wrote to memory of 3028 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Windows\system32\cmd.exe
PID 2964 wrote to memory of 2292 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 2404 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Users\Admin\AppData\Local\Temp\_MEI22002\geckodriver.exe
PID 2920 wrote to memory of 1900 N/A C:\Users\Admin\AppData\Local\Temp\_MEI22002\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe
PID 1900 wrote to memory of 1832 N/A C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe
PID 1832 wrote to memory of 1576 N/A C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\light.exe

"C:\Users\Admin\AppData\Local\Temp\light.exe"

C:\Users\Admin\AppData\Local\Temp\light.exe

"C:\Users\Admin\AppData\Local\Temp\light.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI22002\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI22002\geckodriver.exe --port 49465 --websocket-port 49466

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3Vi2TB

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3Vi2TB

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe" -contentproc --channel="1832.0.1223066257\462821670" -parentBuildID 20240416150000 -prefsHandle 1208 -prefMapHandle 1200 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\browser" - {0bc0309b-aadd-46f9-9ebe-14c0d36b81df} 1832 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe" -contentproc --channel="1832.1.934749072\249788512" -childID 1 -isForBrowser -prefsHandle 2200 -prefMapHandle 1736 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\browser" - {12c9a56d-fc34-4242-b331-8b58d7f9e310} 1832 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe" -contentproc --channel="1832.2.577914680\2013954581" -childID 2 -isForBrowser -prefsHandle 2312 -prefMapHandle 2308 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\browser" - {c166ca21-c213-457d-8815-0b8edb7d3178} 1832 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe" -contentproc --channel="1832.3.685136779\1509089856" -childID 3 -isForBrowser -prefsHandle 2572 -prefMapHandle 2344 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\browser" - {c56b4de8-2064-430e-bb47-0169d7693e15} 1832 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe" -contentproc --channel="1832.4.617160696\413688681" -childID 4 -isForBrowser -prefsHandle 2840 -prefMapHandle 2836 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\browser" - {b8fc4c28-25ae-4ee1-a68e-a1c2a6165b62} 1832 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe" -contentproc --channel="1832.5.1573121959\453926092" -childID 5 -isForBrowser -prefsHandle 2960 -prefMapHandle 2964 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\browser" - {06722248-3cfa-40eb-8492-a639d3a1e60a} 1832 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe" -contentproc --channel="1832.6.261462951\1712428560" -childID 6 -isForBrowser -prefsHandle 3120 -prefMapHandle 3124 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\browser" - {1c71d6a1-f541-49ce-b837-0c0c3135c09f} 1832 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe" -contentproc --channel="1832.7.2145918615\1470231304" -childID 7 -isForBrowser -prefsHandle 3360 -prefMapHandle 3356 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\browser" - {94cbdb59-139e-4c62-b3e0-bdde0663420c} 1832 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22002\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI22002\geckodriver.exe --port 49465 --websocket-port 49466

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileeqWSIE

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileeqWSIE

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe" -contentproc --channel="2092.0.1276785581\1456408973" -parentBuildID 20240416150000 -prefsHandle 1208 -prefMapHandle 1188 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\browser" - {3262eaaf-a2c0-44b8-929a-906a6593af51} 2092 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe" -contentproc --channel="2092.1.318452429\54779371" -childID 1 -isForBrowser -prefsHandle 2092 -prefMapHandle 2248 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 804 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\browser" - {8b8ef8bb-c065-40c0-83ca-3f851bfd9305} 2092 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe" -contentproc --channel="2092.2.1352854813\869925176" -childID 2 -isForBrowser -prefsHandle 2376 -prefMapHandle 2380 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 804 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\browser" - {d2176ca5-9dbc-4bcf-94f0-e76dd144bf6c} 2092 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe" -contentproc --channel="2092.3.1601594535\1397312051" -childID 3 -isForBrowser -prefsHandle 2296 -prefMapHandle 2304 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 804 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\browser" - {74b415b4-6ca8-46b9-98a4-a551d38d3ccf} 2092 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe" -contentproc --channel="2092.4.100678493\965408566" -childID 4 -isForBrowser -prefsHandle 2816 -prefMapHandle 2360 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 804 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\browser" - {9ac9a68f-1717-461d-8ea2-33e7e9f39b2d} 2092 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe" -contentproc --channel="2092.5.1921227916\1349412415" -childID 5 -isForBrowser -prefsHandle 2928 -prefMapHandle 2936 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 804 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\browser" - {4687a0db-75e8-4dc4-be39-de3c95ab152c} 2092 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe" -contentproc --channel="2092.6.1343744653\1760664582" -childID 6 -isForBrowser -prefsHandle 3092 -prefMapHandle 3096 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 804 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\browser" - {dc5dce2c-000f-495d-afc4-2a0e80322544} 2092 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22002\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI22002\geckodriver.exe --port 49465 --websocket-port 49466

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebtnXCp

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebtnXCp

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe" -contentproc --channel="2316.0.330260191\1600037299" -parentBuildID 20240416150000 -prefsHandle 1180 -prefMapHandle 1160 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\browser" - {2cdaf8ad-83a0-4799-9c50-66de582f7d63} 2316 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe" -contentproc --channel="2316.1.615437028\1606624737" -childID 1 -isForBrowser -prefsHandle 2108 -prefMapHandle 800 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 808 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\browser" - {43242635-6bb9-40de-9f24-925fa2139d4a} 2316 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe" -contentproc --channel="2316.2.1748848553\794771617" -childID 2 -isForBrowser -prefsHandle 2344 -prefMapHandle 2348 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 808 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\browser" - {c174011d-08c2-47db-b8a4-03cfc9314e68} 2316 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe" -contentproc --channel="2316.3.187629540\1016187479" -childID 3 -isForBrowser -prefsHandle 2364 -prefMapHandle 2372 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 808 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\browser" - {ede6007e-c5fa-40a8-85b0-5ae7328c2d4c} 2316 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe" -contentproc --channel="2316.4.1341156649\470343449" -childID 4 -isForBrowser -prefsHandle 2736 -prefMapHandle 2740 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 808 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\browser" - {0b75e29b-1ff0-4d86-81da-e18354394310} 2316 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe" -contentproc --channel="2316.5.1915217909\1113960391" -childID 5 -isForBrowser -prefsHandle 2952 -prefMapHandle 2956 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 808 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\browser" - {9f3a779e-72ae-475b-ba47-c39cb5967187} 2316 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe" -contentproc --channel="2316.6.1642156516\958461990" -childID 6 -isForBrowser -prefsHandle 3116 -prefMapHandle 3120 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 808 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\browser" - {96483f00-18d6-4f40-b55d-1aa9eff97626} 2316 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe" -contentproc --channel="2316.7.2128278311\1807520030" -childID 7 -isForBrowser -prefsHandle 3356 -prefMapHandle 2680 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 808 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\browser" - {53bc9fa4-c381-4d22-924d-c619a2d8dbac} 2316 tab

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\firefox.exe" -contentproc --channel="2316.8.1825636959\1811279441" -childID 8 -isForBrowser -prefsHandle 3416 -prefMapHandle 3524 -prefsLen 25580 -prefMapSize 245849 -jsInitHandle 808 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\browser" - {d6b0fbd7-bd76-4378-bac5-5c6b9448a961} 2316 tab

Network

Files

C:\Users\Admin\AppData\Local\Temp\_MEI22002\python38.dll

C:\Users\Admin\AppData\Local\Temp\_MEI22002\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI22002\base_library.zip

C:\Users\Admin\AppData\Local\Temp\_MEI22002\_ctypes.pyd

\Users\Admin\AppData\Local\Temp\_MEI22002\libffi-7.dll

\Users\Admin\AppData\Local\Temp\_MEI22002\_bz2.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI22002\_lzma.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI22002\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI22002\lgpllibs.dll

C:\Users\Admin\AppData\Local\Temp\_MEI22002\libcrypto-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI22002\libssl-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI22002\mozavutil.dll

C:\Users\Admin\AppData\Local\Temp\_MEI22002\mozglue.dll

C:\Users\Admin\AppData\Local\Temp\_MEI22002\nss3.dll

\Users\Admin\AppData\Local\Temp\_MEI22002\_hashlib.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI22002\_ssl.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI22002\_socket.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI22002\_queue.pyd

\Users\Admin\AppData\Local\Temp\_MEI22002\select.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI22002\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI22002\top-1m.csv

C:\Users\Admin\AppData\Local\Temp\_MEI22002\pyexpat.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\TorBrowser\Tor\tor.exe

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI22002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3Vi2TB\extensions.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3Vi2TB\prefs-1.js

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3Vi2TB\prefs-1.js

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileeqWSIE\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileeqWSIE\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileeqWSIE\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileeqWSIE\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileeqWSIE\prefs-1.js


C:\Users\Admin\AppData\Local\Temp\rust_mozprofileeqWSIE\startupCache\webext.sc.lz4


C:\Users\Admin\AppData\Local\Temp\rust_mozprofileeqWSIE\xulstore.json


C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebtnXCp\user.js


C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebtnXCp\datareporting\glean\db\data.safe.tmp


C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebtnXCp\prefs.js


C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebtnXCp\prefs-1.js


C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebtnXCp\startupCache\scriptCache-child-new.bin


C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebtnXCp\broadcast-listeners.json


Analysis: behavioral4

Detonation Overview

Submitted

2024-05-09 01:30

Reported

2024-05-09 01:41

Platform

win10v2004-20240508-en

Max time kernel

298s

Max time network

311s

Command Line

"C:\Users\Admin\AppData\Local\Temp\light.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39642\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\light.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3964 wrote to memory of 2288 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Users\Admin\AppData\Local\Temp\light.exe
PID 2288 wrote to memory of 5048 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Windows\system32\cmd.exe
PID 2288 wrote to memory of 3632 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Windows\system32\cmd.exe
PID 5048 wrote to memory of 3828 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 2288 wrote to memory of 4208 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Users\Admin\AppData\Local\Temp\_MEI39642\geckodriver.exe
PID 4208 wrote to memory of 3624 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39642\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe
PID 3624 wrote to memory of 3884 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe
PID 3884 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\light.exe

"C:\Users\Admin\AppData\Local\Temp\light.exe"

C:\Users\Admin\AppData\Local\Temp\light.exe

"C:\Users\Admin\AppData\Local\Temp\light.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI39642\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39642\geckodriver.exe --port 55322 --websocket-port 55323

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 55323 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMfSyhj

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 55323 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMfSyhj

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe" -contentproc --channel="3884.0.468479846\1074698590" -parentBuildID 20240416150000 -prefsHandle 1660 -prefMapHandle 1628 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\browser" - {c919608a-9bc6-46a8-8ab7-97752460e6a9} 3884 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe" -contentproc --channel="3884.1.999236667\696402351" -childID 1 -isForBrowser -prefsHandle 2640 -prefMapHandle 2716 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1248 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\browser" - {dcef4984-7f6b-4308-a820-5158df466958} 3884 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe" -contentproc --channel="3884.2.58372358\59073244" -childID 2 -isForBrowser -prefsHandle 3160 -prefMapHandle 3156 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1248 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\browser" - {1e1827ac-ad1c-4e0e-a764-7b8a323f2d33} 3884 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe" -contentproc --channel="3884.3.1978848535\1787104112" -childID 3 -isForBrowser -prefsHandle 3812 -prefMapHandle 3292 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1248 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\browser" - {02d4ee9c-e904-47a2-880e-ab0ca2f04d08} 3884 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe" -contentproc --channel="3884.4.337817466\1827301846" -childID 4 -isForBrowser -prefsHandle 3924 -prefMapHandle 3252 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1248 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\browser" - {a7d64c6f-193e-4dca-b661-a971fd2e97eb} 3884 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe" -contentproc --channel="3884.5.1056701309\1115880927" -childID 5 -isForBrowser -prefsHandle 3572 -prefMapHandle 3444 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1248 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\browser" - {5d4b647e-76ed-49be-93e8-d0ef1ec209fd} 3884 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe" -contentproc --channel="3884.6.1428334461\1112696555" -childID 6 -isForBrowser -prefsHandle 4128 -prefMapHandle 4132 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1248 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\browser" - {226f5bfd-115b-4295-810c-06aaf1dbfe14} 3884 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39642\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39642\geckodriver.exe --port 55322 --websocket-port 55323

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 55323 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofiler8TADo

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 55323 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofiler8TADo

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe" -contentproc --channel="980.0.763065031\958262008" -parentBuildID 20240416150000 -prefsHandle 1684 -prefMapHandle 1664 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\browser" - {8467c181-fa85-4a96-b123-094ff1ad4fd0} 980 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe" -contentproc --channel="980.1.1803571438\1533303722" -childID 1 -isForBrowser -prefsHandle 2624 -prefMapHandle 2676 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\browser" - {678b04cd-acbf-4bfc-bc64-8a35a9888fc4} 980 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe" -contentproc --channel="980.2.803009191\1653730914" -childID 2 -isForBrowser -prefsHandle 3236 -prefMapHandle 3232 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\browser" - {dd3ae1ff-5bf4-4495-aafb-a9baf78b1bd4} 980 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe" -contentproc --channel="980.3.1682228910\5934794" -childID 3 -isForBrowser -prefsHandle 3868 -prefMapHandle 3872 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\browser" - {6318a468-ea6e-4943-8450-1cffedd1cffc} 980 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe" -contentproc --channel="980.4.772790821\1729198443" -childID 4 -isForBrowser -prefsHandle 4016 -prefMapHandle 4012 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\browser" - {d5b78fbc-b665-4275-a807-3f2896d4d890} 980 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe" -contentproc --channel="980.5.425703574\874878882" -childID 5 -isForBrowser -prefsHandle 3296 -prefMapHandle 3280 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\browser" - {430e9617-f0d7-4e5b-8100-adeeb92140fa} 980 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe" -contentproc --channel="980.6.343847993\1728552777" -childID 6 -isForBrowser -prefsHandle 4284 -prefMapHandle 4280 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\browser" - {58776df6-dc94-48d9-a371-f6d2a1aeddaf} 980 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe" -contentproc --channel="980.7.486716743\886284448" -childID 7 -isForBrowser -prefsHandle 4244 -prefMapHandle 3296 -prefsLen 25491 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\browser" - {c0aea3ec-ddfc-4738-8936-108d688f5da1} 980 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe" -contentproc --channel="980.8.1436829641\975103472" -childID 8 -isForBrowser -prefsHandle 8892 -prefMapHandle 3288 -prefsLen 25491 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\browser" - {f9c1a344-a57a-45b4-b112-f789321ea45d} 980 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39642\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39642\geckodriver.exe --port 55322 --websocket-port 55323

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 55323 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8ybrOc

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 55323 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8ybrOc

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe" -contentproc --channel="4936.0.2063095354\1122449108" -parentBuildID 20240416150000 -prefsHandle 1684 -prefMapHandle 1676 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\browser" - {0f565737-df7e-4a24-a3a6-950a425d664b} 4936 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe" -contentproc --channel="4936.1.1035910388\244581514" -childID 1 -isForBrowser -prefsHandle 2496 -prefMapHandle 2316 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1244 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\browser" - {8c81be6d-0611-46ea-bb1f-6bd8805967f1} 4936 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe" -contentproc --channel="4936.2.1015664008\2015845820" -childID 2 -isForBrowser -prefsHandle 3188 -prefMapHandle 3184 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1244 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\browser" - {aa465147-2d9c-4b59-9c88-405fd0f9e5a6} 4936 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe" -contentproc --channel="4936.3.452813302\179994417" -childID 3 -isForBrowser -prefsHandle 3484 -prefMapHandle 3356 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1244 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\browser" - {6cdcb651-8747-4684-aa71-85d1470bf7be} 4936 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe" -contentproc --channel="4936.4.1117902085\945237526" -childID 4 -isForBrowser -prefsHandle 3484 -prefMapHandle 3356 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1244 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\browser" - {f7707a91-fc9e-463c-87bf-eb7de55615fb} 4936 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe" -contentproc --channel="4936.5.1002123082\1712312955" -childID 5 -isForBrowser -prefsHandle 3748 -prefMapHandle 3856 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1244 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\browser" - {acd90dab-152b-411e-b552-8b66b0ab3df7} 4936 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe" -contentproc --channel="4936.6.1091977603\1448402710" -childID 6 -isForBrowser -prefsHandle 4080 -prefMapHandle 4084 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1244 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\browser" - {5793525e-a49c-4387-b423-8c2459ef9d1a} 4936 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe" -contentproc --channel="4936.7.1341800749\1014788811" -childID 7 -isForBrowser -prefsHandle 4548 -prefMapHandle 4492 -prefsLen 25491 -prefMapSize 245849 -jsInitHandle 1244 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\browser" - {24a808be-857a-4937-872e-edae39cc14d2} 4936 tab

Network

Files

C:\Users\Admin\AppData\Local\Temp\_MEI39642\python38.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39642\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39642\base_library.zip

C:\Users\Admin\AppData\Local\Temp\_MEI39642\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39642\libffi-7.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39642\_bz2.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39642\_lzma.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39642\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39642\_ssl.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39642\_hashlib.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39642\_socket.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39642\libssl-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39642\_queue.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\TorBrowser\Tor\tor.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39642\select.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39642\libcrypto-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39642\top-1m.csv

C:\Users\Admin\AppData\Local\Temp\_MEI39642\pyexpat.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39642\nss3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39642\mozglue.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39642\mozavutil.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39642\lgpllibs.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39642\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

C:\Users\Admin\AppData\Local\Temp\tmpr0vf97wk\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI39642\Tor Browser\Browser\firefox.exe

MD5 65aa9b0f57d72e4d70e9226322221adc
SHA1 85fec174d0977afd8c0100c9d9b53c958e1949bf
SHA256 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410
SHA512 f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

memory/4860-485-0x00007FFC83AF0000-0x00007FFC83AF1000-memory.dmp

memory/4860-484-0x00007FFC84550000-0x00007FFC84551000-memory.dmp

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 80e882ce8268212cf4db9fbe44f95336
SHA1 85abc152168a20d8db2c6501aa43a97ea72efc8c
SHA256 32c7fa19bdf922f35368bbda1fd91b30fae89f7e8615c8224901e4e3454ee937
SHA512 eb6fc2086c0c5b1e2207c675e49713961246559ade42f65f5e1d51e6139e503eacceaa57542664f7161dc320df0403d90bc85e499aa2d0f09c4a3d4236920cd5

memory/1248-521-0x000002A52CB00000-0x000002A52CE55000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMfSyhj\prefs.js

MD5 031db1a310a351a2ce520f20cfd11537
SHA1 524e1be535c27776a025652434378f164b333462
SHA256 6aa82493beb3e3b7177cd40c9286c286b4edd2f7427a28a261476ee7fdf1106e
SHA512 d762a09d436cbc489a4f23c6af99f4206d0b21d1ed88cdbcd98454161a779aa56f9eabbdf44e0c0b05830d59f8e0eaf4b345f16e04d18a3837b43f986955b3fb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMfSyhj\extensions.json

MD5 89ebe0089a245d5b45df79a2a85e8ff0
SHA1 a886ff5f53be2a15da01c60c64d906729acc442c
SHA256 5fd67323b1fbcd2702ed7ad97c6e2d780bbf5583385ff6f7eb8f3df18a847f91
SHA512 689573a9ec8500329c2a9c5367e4da40a2f6c14dc2c8e5d53d3b0afe9b348b4021ed61cdebe1d244669e058cff9e1fc4466d22882b496a4a076e981ec9f80d82

memory/3884-564-0x000002B8C80F0000-0x000002B8C8100000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMfSyhj\prefs-1.js

MD5 263f48d859ae7537b949dbfaf104e797
SHA1 3ed71af42a57791c083e6342b8220ed01659eb07
SHA256 299bf319a053feced6e1b13cd7d931ee1deb8ade26321216bf904c69bfabeb3c
SHA512 295363b59a438f02f92aa6b8d52dcd0e53ebea470077b954925426be855aeec3a9c516ff846d11ea1d412940705a3da29034790a7fc7453962e5eb5307d25a8e

memory/4860-613-0x0000021EEFE00000-0x0000021EF0155000-memory.dmp

memory/1328-616-0x00000269FC100000-0x00000269FC455000-memory.dmp

memory/3128-617-0x0000018B35800000-0x0000018B35B55000-memory.dmp

memory/960-615-0x00000210ECE00000-0x00000210ED155000-memory.dmp

memory/1568-614-0x000001CA3B200000-0x000001CA3B555000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMfSyhj\prefs-1.js

MD5 c45fba1db7a64a594d1e16dadd739a59
SHA1 3b63b56552cfeafff25e02271543498360e9d074
SHA256 3f2eb082f5743362328a159b2e67c6209b78ffd29bc67b321b75d9ca57d6cf12
SHA512 8a5c301e7538f4860b1093e312f6ea478a2b202463afb9b2d1bd7596cdaa4491cd232f738d3fcf9aab5e02b9a067bfd355afb8b50285af0ae41fc594e613c997

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 16674b4ada3c35708be9403d898ca261
SHA1 8589db823838eae7116c60ae7b2f633cd6a0cebc
SHA256 9dda192f225edac0e323163e9f605cc517e48b0c4b8ead605672406462d279e6
SHA512 74ea0763dbe1cca157f1de42584891bbf6cc8170b5ee3fed5fd1cbc9643c0c63bc843f413a0d46f836b84ec0171bf591bfb090e8e86fef392e777acae05d0efa

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiler8TADo\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiler8TADo\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

memory/4520-880-0x000001BFE4D00000-0x000001BFE5055000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiler8TADo\prefs.js

MD5 6110a0c475864e4a21f8b456824fc95b
SHA1 a973052513a2880c987eae51871412fc08fcd19a
SHA256 53c78b51c42ec9c305766d43d9fa299ac6509a68a35dcc95a288d821152d66d0
SHA512 e184f496411336fcf75c69ec26551af729731f7e58bb817d64ae4fd4759f7f489d7fe3324cd9991b84108b8fe0beed6d1c68629be73da276921f15d05755dcd4

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiler8TADo\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiler8TADo\startupCache\webext.sc.lz4

MD5 32b345ead22d7251cf4571e55c0a9e45
SHA1 6b6a552208a2b9f0d17b3fc55bedf199f5a25c7e
SHA256 6334c9f835383e6cea0b869a7e5d144c20b44a615eb9d2492a395887369ef3bb
SHA512 d7b19fc965cfedef505263ec98db20a1579d1f017ca58984d95db09cf05d7bf898c5785427894f7066159d2fed04da83eb2f66d689a14524564646ceba65cee7

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiler8TADo\prefs.js

MD5 2a1a4c2c13b9f13adffd6d195c18f5fb
SHA1 a4fd5406aac12507f82931c9c93a0ea1cf436900
SHA256 b3bd88cb39bafaa1ab8597334e4bb637b17e4d1ee4bb7b71f1b36c37dbd1d43a
SHA512 112d36f050ab75e2928277a644a91eba215b9c08bd254e7e822ee44e1d7fd0428773501d2e6f94aef0dc5ffcaf50f097b688c94867d0ff76f4939dd019b2c00e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiler8TADo\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiler8TADo\prefs-1.js

MD5 0f03bc276caed0900a914ceba1699414
SHA1 2fb2a9d62a7b1235c48a9dea2d4865747d977279
SHA256 943ac005b672bb9d41fc94eda4aa662143b58e806de973987911e57c157f6662
SHA512 aa304c9d2733aff6c803d26b57ecaf2ed6a8200cf25f67782bd9e83fa4c7176718d98de414512b4ffe62c1a21942910822b5f581ef28ff292fc79bd6bdcd6872

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiler8TADo\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiler8TADo\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiler8TADo\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiler8TADo\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8ybrOc\user.js

MD5 3f8ccb76ed9b1c5e31feab6dc4028c06
SHA1 6682f86c951f6f24ce4b94221d788d2d7eeed7fe
SHA256 a8661a3ac8e8053ecd38ba6b536f88156b239fb36c2744cb840a1d68ab97aafe
SHA512 5927baf5729565c8d5b211c754cca5fbdc11ec2189a8a267a917a8922eb677359f846c7514ef7a20a70ba6152cfd4b8c530793008054eac6d0ffedc979ad1dee

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8ybrOc\prefs.js

MD5 21d64a778acb5f5d5539fc6c61b5f13c
SHA1 87dcea7bccda0f9a290c0240c0c28b85533bdc7b
SHA256 e915cbb46758de03da2f22144791806f93ad17bf364b0e88ac026657e625aac9
SHA512 7adac275abdff8122334b04a7457255a9c3959610fdb0b78d5f6d4cd866fa0cdcec7778f003641523295bd2c15036def9b1b3d4a07b7eaa053a41e7dd80aed82

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8ybrOc\prefs-1.js

MD5 613b5d1588a458957255ae2472919c4c
SHA1 2df1970691431c31d8a4a34e0d01a18a569a584d
SHA256 fd2d40180e9811b20f2cf2889017a5c216b5e141ab8e5996ee7bea694d94523c
SHA512 bae569eadc4a46d97190f001f531f3d53ec15de380bc65b42df7928a38eace9fdb60a86e9c29e5b01af980313dc19dfdd6e8c91681f07511d6916a8cebb8cd02

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-09 01:30

Reported

2024-05-09 01:41

Platform

win11-20240419-en

Max time kernel

300s

Max time network

309s

Command Line

"C:\Users\Admin\AppData\Local\Temp\light.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\light.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3900 wrote to memory of 3040 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Users\Admin\AppData\Local\Temp\light.exe
PID 3040 wrote to memory of 3616 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Windows\system32\cmd.exe
PID 3040 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Windows\system32\cmd.exe
PID 3616 wrote to memory of 4040 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 3040 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Users\Admin\AppData\Local\Temp\_MEI39002\geckodriver.exe
PID 2604 wrote to memory of 3148 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39002\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe
PID 3148 wrote to memory of 2336 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe
PID 2336 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\light.exe

"C:\Users\Admin\AppData\Local\Temp\light.exe"

C:\Users\Admin\AppData\Local\Temp\light.exe

"C:\Users\Admin\AppData\Local\Temp\light.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI39002\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39002\geckodriver.exe --port 50003 --websocket-port 50004

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50004 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5xoTN5

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50004 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5xoTN5

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="2336.0.652199936\437566985" -parentBuildID 20240416150000 -prefsHandle 1708 -prefMapHandle 1700 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {3cbdd2aa-942a-4edb-bdfd-6d6adaa372ab} 2336 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="2336.1.564409264\1614778251" -childID 1 -isForBrowser -prefsHandle 3148 -prefMapHandle 3144 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1332 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {ad1373b4-53ed-416d-9ae8-d3e490f56b81} 2336 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="2336.2.186349802\1736617786" -childID 2 -isForBrowser -prefsHandle 2920 -prefMapHandle 2596 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1332 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {d2268bd1-a90d-47e3-9bb0-d7f8f6015e55} 2336 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="2336.3.1069581484\61964543" -childID 3 -isForBrowser -prefsHandle 3804 -prefMapHandle 3800 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1332 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {0f6c628c-8ebe-4705-8f5d-368131affa94} 2336 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="2336.4.1381273679\931564151" -childID 4 -isForBrowser -prefsHandle 2720 -prefMapHandle 2456 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1332 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {2d019ed8-22cf-4fa9-ac4c-afcf215c5f2b} 2336 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="2336.5.649071878\717610686" -childID 5 -isForBrowser -prefsHandle 3804 -prefMapHandle 3360 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1332 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {01783de3-7967-46e1-bab4-32b0c7f1cdb4} 2336 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="2336.6.169305356\358296782" -childID 6 -isForBrowser -prefsHandle 4060 -prefMapHandle 4064 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1332 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {45f7ef23-866b-4d24-bace-93a38da877a0} 2336 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="2336.7.1628932157\408204937" -childID 7 -isForBrowser -prefsHandle 4404 -prefMapHandle 4384 -prefsLen 25491 -prefMapSize 245849 -jsInitHandle 1332 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {d38182d7-d7a5-4a33-8c92-19e18b4ab39e} 2336 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe" -contentproc --channel="2336.8.819491716\360373751" -childID 8 -isForBrowser -prefsHandle 4392 -prefMapHandle 4552 -prefsLen 25491 -prefMapSize 245849 -jsInitHandle 1332 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\browser" - {3674993f-51c3-490c-b9a4-f01e0718ae2e} 2336 tab

Network

Country Destination Domain Proto
DE 148.251.91.87:443 tcp
US 8.8.8.8:53 87.91.251.148.in-addr.arpa udp
N/A 127.0.0.1:50047 tcp
N/A 127.0.0.1:50049 tcp
N/A 127.0.0.1:50003 tcp
NL 198.140.141.52:443 tcp
US 38.132.178.154:9001 tcp
N/A 127.0.0.1:50003 tcp
US 8.8.8.8:53 154.178.132.38.in-addr.arpa udp
N/A 127.0.0.1:50211 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50219 tcp
N/A 127.0.0.1:9050 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI39002\python38.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39002\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39002\base_library.zip

C:\Users\Admin\AppData\Local\Temp\_MEI39002\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39002\libffi-7.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39002\_bz2.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39002\_lzma.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39002\_ssl.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39002\_socket.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39002\_queue.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39002\_hashlib.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39002\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39002\top-1m.csv

C:\Users\Admin\AppData\Local\Temp\_MEI39002\select.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39002\pyexpat.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39002\nss3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39002\mozglue.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39002\mozavutil.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39002\libssl-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39002\libcrypto-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39002\lgpllibs.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39002\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Tor\tor.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

C:\Users\Admin\AppData\Local\Temp\tmpt61ehmtv\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus

C:\Users\Admin\AppData\Local\Temp\_MEI39002\Tor Browser\Browser\firefox.exe

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5xoTN5\extensions.json

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5xoTN5\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5xoTN5\bookmarkbackups\bookmarks-2024-05-09_14_T6u53mPvyLQndqxVPTv9Qw==.jsonlz4
