Malware Analysis Report

2025-06-15 20:35

Sample ID 240509-bwcszadd42
Target light.exe
SHA256 799b31e4431401379cd909fbc8825f27e8a1c7172843a755a623257dd003fdce
Tags pyinstaller evasion trojan
Score 7/10

Analysis Overview

score
7/10

SHA256

799b31e4431401379cd909fbc8825f27e8a1c7172843a755a623257dd003fdce

Threat Level: Shows suspicious behavior

The file light.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

pyinstaller evasion trojan

Checks computer location settings

Loads dropped DLL

Executes dropped EXE

Checks whether UAC is enabled

Enumerates physical storage devices

Detects Pyinstaller

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Modifies registry class

Checks processor information in registry

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-09 01:31

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-09 01:29

Reported

2024-05-09 01:41

Platform

win11-20240419-en

Max time kernel

289s

Max time network

305s

Command Line

"C:\Users\Admin\AppData\Local\Temp\light.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI2362\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\light.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 236 wrote to memory of 3980 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Users\Admin\AppData\Local\Temp\light.exe
PID 3980 wrote to memory of 1696 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Windows\system32\cmd.exe
PID 3980 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Windows\system32\cmd.exe
PID 1696 wrote to memory of 4968 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 3980 wrote to memory of 4652 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Users\Admin\AppData\Local\Temp\_MEI2362\geckodriver.exe
PID 4652 wrote to memory of 3736 N/A C:\Users\Admin\AppData\Local\Temp\_MEI2362\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe
PID 3736 wrote to memory of 4808 N/A C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe
PID 4808 wrote to memory of 1348 N/A C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\light.exe

"C:\Users\Admin\AppData\Local\Temp\light.exe"

C:\Users\Admin\AppData\Local\Temp\light.exe

"C:\Users\Admin\AppData\Local\Temp\light.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI2362\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI2362\geckodriver.exe --port 50006 --websocket-port 50007

C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVsfEnH

C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVsfEnH

C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe" -contentproc --channel="4808.0.1285939403\286898703" -parentBuildID 20240416150000 -prefsHandle 1696 -prefMapHandle 1692 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\browser" - {cc4fa614-6fec-4904-8960-32d46ee4e6d2} 4808 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe" -contentproc --channel="4808.1.1153630044\1463383272" -childID 1 -isForBrowser -prefsHandle 2304 -prefMapHandle 2880 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1340 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\browser" - {4d4e8b24-31b4-4671-ba29-9ef395bb551a} 4808 tab

C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe" -contentproc --channel="4808.2.1583695502\1546484457" -childID 2 -isForBrowser -prefsHandle 3100 -prefMapHandle 3096 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1340 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\browser" - {3397192d-654f-4e22-8ca8-37285ee63b3f} 4808 tab

C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe" -contentproc --channel="4808.3.696131868\1072073506" -childID 3 -isForBrowser -prefsHandle 3520 -prefMapHandle 3564 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1340 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\browser" - {52818df7-63ee-4169-83d7-f283ef096522} 4808 tab

C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe" -contentproc --channel="4808.4.1693256022\1797383060" -childID 4 -isForBrowser -prefsHandle 3816 -prefMapHandle 3812 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1340 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\browser" - {1c7e171d-2b60-4afe-968b-995f61b6adb3} 4808 tab

C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe" -contentproc --channel="4808.5.73327449\811331234" -childID 5 -isForBrowser -prefsHandle 3952 -prefMapHandle 3956 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1340 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\browser" - {d58ca282-14e6-4b91-a58b-be0b5f6fc02e} 4808 tab

C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe" -contentproc --channel="4808.6.263517273\1383753817" -childID 6 -isForBrowser -prefsHandle 3300 -prefMapHandle 3124 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1340 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\browser" - {72e8c1a3-e339-4219-8548-ceb7a08596b3} 4808 tab

C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe" -contentproc --channel="4808.7.1992533155\2109106489" -childID 7 -isForBrowser -prefsHandle 4144 -prefMapHandle 4140 -prefsLen 25491 -prefMapSize 245849 -jsInitHandle 1340 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\browser" - {22ca03a0-6dec-48fd-888d-b5db397e07a1} 4808 tab

C:\Users\Admin\AppData\Local\Temp\_MEI2362\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI2362\geckodriver.exe --port 50006 --websocket-port 50007

C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSjk6Rc

C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSjk6Rc

C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe" -contentproc --channel="332.0.195346354\195206819" -parentBuildID 20240416150000 -prefsHandle 1700 -prefMapHandle 1680 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\browser" - {dc5e4abe-31cd-4470-aea7-09ff7540ebbf} 332 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe" -contentproc --channel="332.1.1000918391\1372909792" -childID 1 -isForBrowser -prefsHandle 2292 -prefMapHandle 2932 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\browser" - {920c686b-9923-4d07-a63a-efdf8b6f7930} 332 tab

C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe" -contentproc --channel="332.2.318474045\180666081" -childID 2 -isForBrowser -prefsHandle 2776 -prefMapHandle 3064 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\browser" - {b95fc7fa-aab6-4670-b3a0-d5618c5bc873} 332 tab

C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe" -contentproc --channel="332.3.1458570401\2144905738" -childID 3 -isForBrowser -prefsHandle 3188 -prefMapHandle 3176 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\browser" - {806c0b71-062e-43e4-8047-7e0272660312} 332 tab

C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe" -contentproc --channel="332.4.211059187\1254613089" -childID 4 -isForBrowser -prefsHandle 3764 -prefMapHandle 3760 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\browser" - {c121bab0-18f8-4ca5-b9b6-6bce9e1a0f53} 332 tab

C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe" -contentproc --channel="332.5.481217810\334894176" -childID 5 -isForBrowser -prefsHandle 3920 -prefMapHandle 3924 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\browser" - {f137ba27-2dc3-4b01-a0d8-8a3d8f717ecc} 332 tab

C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe" -contentproc --channel="332.6.910020671\1446610459" -childID 6 -isForBrowser -prefsHandle 3976 -prefMapHandle 3980 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\browser" - {3230359c-ca0a-4061-a6db-429e25c857aa} 332 tab

C:\Users\Admin\AppData\Local\Temp\_MEI2362\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI2362\geckodriver.exe --port 50006 --websocket-port 50007

C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilel3HHfZ

C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilel3HHfZ

C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe" -contentproc --channel="1544.0.1075273377\1309220810" -parentBuildID 20240416150000 -prefsHandle 1716 -prefMapHandle 1708 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\browser" - {89370602-44b4-4801-a020-0e7138a83899} 1544 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe" -contentproc --channel="1544.1.647363668\1072658182" -childID 1 -isForBrowser -prefsHandle 2804 -prefMapHandle 2800 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\browser" - {937fb1d1-88e9-4033-9d85-958486d14c7a} 1544 tab

C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe" -contentproc --channel="1544.2.1700210051\1650459547" -childID 2 -isForBrowser -prefsHandle 3092 -prefMapHandle 3088 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\browser" - {9e2fff85-58e6-4d93-8b14-efe339f77cca} 1544 tab

C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe" -contentproc --channel="1544.3.1983817680\1413598017" -childID 3 -isForBrowser -prefsHandle 3096 -prefMapHandle 3376 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\browser" - {1ddbb9e3-8f5b-4be0-88f6-f153ee883adb} 1544 tab

C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe" -contentproc --channel="1544.4.1614218961\880726772" -childID 4 -isForBrowser -prefsHandle 3832 -prefMapHandle 3828 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\browser" - {a2e7cc6e-57ed-40bd-b431-90c10c9f52c3} 1544 tab

C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe" -contentproc --channel="1544.5.1151469325\1700241205" -childID 5 -isForBrowser -prefsHandle 3896 -prefMapHandle 3900 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\browser" - {95692b54-6589-40f4-ae68-c788914125fa} 1544 tab

C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe" -contentproc --channel="1544.6.1063424619\647676239" -childID 6 -isForBrowser -prefsHandle 4084 -prefMapHandle 4088 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\browser" - {0a78f5a1-1872-4301-9d28-14176f8ef93c} 1544 tab

C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\firefox.exe" -contentproc --channel="1544.7.21813472\1658917499" -childID 7 -isForBrowser -prefsHandle 4488 -prefMapHandle 4492 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI2362\Tor Browser\Browser\browser" - {d392054e-40c8-48de-8b64-cae1b2ced5f0} 1544 tab

Network

Country Destination Domain Proto
PL 45.80.158.205:9100 tcp
N/A 127.0.0.1:50109 tcp
N/A 127.0.0.1:50111 tcp
US 8.8.8.8:53 205.158.80.45.in-addr.arpa udp
CH 185.195.71.6:443 tcp
N/A 127.0.0.1:50006 tcp
US 8.8.8.8:53 6.71.195.185.in-addr.arpa udp
FR 146.19.168.223:9300 tcp
US 168.103.87.18:9443 tcp
N/A 127.0.0.1:50215 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50223 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:50609 tcp
N/A 127.0.0.1:50617 tcp
N/A 127.0.0.1:50928 tcp
N/A 127.0.0.1:50936 tcp

Files

SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSjk6Rc\startupCache\webext.sc.lz4

MD5 9290bdae7db396c312b81fbd6499e77f
SHA1 f6fcd89eac59cf2184193fec30415ec3bff3df1c
SHA256 ddd1bbb6f5af6975770eeb1ce9deca0399761fa8e9548eff48101395f3dd3678
SHA512 15e00f8dc83be6e022123657ad0b3e40b8b8e16051e0c6f3fd91f722d353adb2de7216425b443e3dca41ee24f79929cfa1dcf988dd7541a9cfbc3c4637930449

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSjk6Rc\prefs-1.js

MD5 42588d5eaf36023eedbb025e90647ea9
SHA1 d7a777c53e1bcc9cd085bcff248182bec7f12173
SHA256 c210b6d93099f8ce7fa543d9eb5a35d91856894fe30231bbe585e16045afde2b
SHA512 929842f8cf99bd33fed1eddbd62c2edb2600dd25ce2cd902f4aba163dd7253ef0d75552756294cde920e807c7dc9e802c3835b0cbd27383f9f244197f4e2897b

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSjk6Rc\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSjk6Rc\prefs-1.js

MD5 316699019d190ce0809860ae4a573403
SHA1 619c2451e26311f0179dc1e145b7fa0805a31d0b
SHA256 7c33fcb6fd5e508b14706ea955b12b62838c07aa75f50237d267d2f706002d87
SHA512 01adec6032bf5cea8a08b90d43df1ba3102cf18b210a67f38a4da7e9a946b877641c5e974fa7f43f23916a51a15b4e54819e81c434ccfac8d6fc948b9093b20d

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSjk6Rc\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSjk6Rc\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSjk6Rc\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSjk6Rc\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSjk6Rc\datareporting\glean\db\data.safe.tmp

MD5 63b1bb87284efe954e1c3ae390e7ee44
SHA1 75b297779e1e2a8009276dd8df4507eb57e4e179
SHA256 b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a
SHA512 f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilel3HHfZ\user.js

MD5 736db8c9b955f72129a6644a9c797093
SHA1 59f1c80c407e27ffe85407a82f7b7250c5ee3753
SHA256 668694ca0485bfb77e7049bad327ba3f83534f31c1d50744f227c996eab4097f
SHA512 9916d339304272357ff56976bfcb9fd2d607ccbaa33dc40b88618c9ae31833923d3f2e8288cfc1f0090da90803b5e07404c41182155db2d2345df6f63020f217

memory/1544-1204-0x000002B0E4DD0000-0x000002B0E4DE0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilel3HHfZ\prefs-1.js

MD5 363c5d10ad62d6ef4242248cfa97ff39
SHA1 cb84d8949625a9d40250cff62a5118002c1d2b87
SHA256 4abaa9e53985a46725201cf56cc8e23b7a541eb269e674cce8942a32b49f8cfe
SHA512 bdbb4d3d8ad7cac560cc7c3bd2375bed4b53f204f8472ab84e06588844db5297af43418fd33de7b0e0e95e7e25aa7970d9530b04713bd4ab0c52400e1192685c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilel3HHfZ\prefs-1.js

MD5 0a8fe94d15dab17082fae6972ba2b1b5
SHA1 6d7474308992c2c30f9d0461e99d9693d984b520
SHA256 c63b0d4e571af6fbee569ed2cd719c4960903c2b39517cbe6aecd5e504303386
SHA512 b3711c147a791d7b4b859c0539d58c48c4ff44bf6b3cd644ea26175ce9b1bf726a816480542e5c236a80ef31cd6dd510c6d0c3a05b6629bc80fd7c264b32df0b

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-09 01:29

Reported

2024-05-09 01:41

Platform

win10-20240404-en

Max time kernel

284s

Max time network

303s

Command Line

"C:\Users\Admin\AppData\Local\Temp\light.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI34282\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\light.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3428 wrote to memory of 3076 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Users\Admin\AppData\Local\Temp\light.exe
PID 3076 wrote to memory of 4024 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Windows\system32\cmd.exe
PID 3076 wrote to memory of 4608 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Windows\system32\cmd.exe
PID 4024 wrote to memory of 788 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 3076 wrote to memory of 4768 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Users\Admin\AppData\Local\Temp\_MEI34282\geckodriver.exe
PID 4768 wrote to memory of 600 N/A C:\Users\Admin\AppData\Local\Temp\_MEI34282\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe
PID 600 wrote to memory of 916 N/A C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe
PID 916 wrote to memory of 4640 N/A C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\light.exe

"C:\Users\Admin\AppData\Local\Temp\light.exe"

C:\Users\Admin\AppData\Local\Temp\light.exe

"C:\Users\Admin\AppData\Local\Temp\light.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI34282\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI34282\geckodriver.exe --port 50037 --websocket-port 50038

C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50038 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileeF2Wda

C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50038 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileeF2Wda

C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe" -contentproc --channel="916.0.1972454359\1406620234" -parentBuildID 20240416150000 -prefsHandle 1500 -prefMapHandle 1480 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\browser" - {941fe7d5-e272-4450-91d8-9914a6f442e0} 916 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe" -contentproc --channel="916.1.1673241558\1820917177" -childID 1 -isForBrowser -prefsHandle 2916 -prefMapHandle 2908 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\browser" - {47129a6e-2202-4397-a6e2-e8331bdd6516} 916 tab

C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe" -contentproc --channel="916.2.1599721792\875988390" -childID 2 -isForBrowser -prefsHandle 2664 -prefMapHandle 2680 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\browser" - {5d0ade50-6744-4725-a6bc-87de747e09bb} 916 tab

C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe" -contentproc --channel="916.3.936840888\730137242" -childID 3 -isForBrowser -prefsHandle 2620 -prefMapHandle 3084 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\browser" - {e44f52b6-f0d1-4cf0-ba6e-f9c5e32704a4} 916 tab

C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe" -contentproc --channel="916.4.906637073\1901750780" -childID 4 -isForBrowser -prefsHandle 1364 -prefMapHandle 1360 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\browser" - {a4741726-5589-4719-9af4-5bee8f6588d5} 916 tab

C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe" -contentproc --channel="916.5.1676379427\1656508206" -childID 5 -isForBrowser -prefsHandle 3604 -prefMapHandle 3624 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\browser" - {e32639cb-4455-4120-8a6d-0bd12ce32450} 916 tab

C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe" -contentproc --channel="916.6.2015676111\153512408" -childID 6 -isForBrowser -prefsHandle 3684 -prefMapHandle 3688 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\browser" - {002c8e9f-b792-4475-a860-aa6334b7ade7} 916 tab

C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe" -contentproc --channel="916.7.300480756\229252160" -childID 7 -isForBrowser -prefsHandle 4196 -prefMapHandle 4200 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\browser" - {c934312b-66a4-4165-bfd4-f9619c179f06} 916 tab

C:\Users\Admin\AppData\Local\Temp\_MEI34282\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI34282\geckodriver.exe --port 50037 --websocket-port 50038

C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50038 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVBnc6b

C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50038 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVBnc6b

C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe" -contentproc --channel="3888.0.754129123\23173520" -parentBuildID 20240416150000 -prefsHandle 1488 -prefMapHandle 1432 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\browser" - {fdffec70-0d19-4e74-b90d-d05d5b215aaf} 3888 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe" -contentproc --channel="3888.1.789237879\311254835" -childID 1 -isForBrowser -prefsHandle 2660 -prefMapHandle 2356 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1160 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\browser" - {4021276a-db13-4833-9a48-c88a41a58224} 3888 tab

C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe" -contentproc --channel="3888.2.1413130035\1056732376" -childID 2 -isForBrowser -prefsHandle 2972 -prefMapHandle 2968 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1160 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\browser" - {4dd94642-2481-4a47-a516-366fdc1123b1} 3888 tab

C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe" -contentproc --channel="3888.3.821081279\828230972" -childID 3 -isForBrowser -prefsHandle 2988 -prefMapHandle 2984 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1160 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\browser" - {ffd19ab7-5184-4b92-a2ad-4cfe8fbc714c} 3888 tab

C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe" -contentproc --channel="3888.4.1940154983\1004901364" -childID 4 -isForBrowser -prefsHandle 1360 -prefMapHandle 1356 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1160 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\browser" - {29e29010-ba2e-48cf-8599-e1abc9a1b827} 3888 tab

C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe" -contentproc --channel="3888.5.687981167\991929344" -childID 5 -isForBrowser -prefsHandle 3768 -prefMapHandle 3648 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1160 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\browser" - {330af627-0841-4897-9b91-c1be87fa6d88} 3888 tab

C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe" -contentproc --channel="3888.6.1953535028\32208372" -childID 6 -isForBrowser -prefsHandle 3956 -prefMapHandle 3960 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1160 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\browser" - {51077ddd-1666-4525-9b3d-66b435397be4} 3888 tab

C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe" -contentproc --channel="3888.7.214339905\278327968" -childID 7 -isForBrowser -prefsHandle 4312 -prefMapHandle 4316 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1160 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\browser" - {dab180c5-3b0f-4c89-857b-bc45bf138d9b} 3888 tab

C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe" -contentproc --channel="3888.8.1574248037\1987967108" -childID 8 -isForBrowser -prefsHandle 3068 -prefMapHandle 4568 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1160 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\browser" - {a288922c-e928-4a2f-ac1f-696a52b3ae2f} 3888 tab

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Temp\_MEI34282\python38.dll

C:\Users\Admin\AppData\Local\Temp\_MEI34282\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI34282\base_library.zip

\Users\Admin\AppData\Local\Temp\_MEI34282\libffi-7.dll

\Users\Admin\AppData\Local\Temp\_MEI34282\_ctypes.pyd

\Users\Admin\AppData\Local\Temp\_MEI34282\_bz2.pyd

\Users\Admin\AppData\Local\Temp\_MEI34282\_lzma.pyd

\Users\Admin\AppData\Local\Temp\_MEI34282\_hashlib.pyd

\Users\Admin\AppData\Local\Temp\_MEI34282\libcrypto-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI34282\_ssl.pyd

\Users\Admin\AppData\Local\Temp\_MEI34282\_socket.pyd

\Users\Admin\AppData\Local\Temp\_MEI34282\select.pyd

\Users\Admin\AppData\Local\Temp\_MEI34282\libssl-1_1.dll

\Users\Admin\AppData\Local\Temp\_MEI34282\_queue.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI34282\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI34282\top-1m.csv

C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\TorBrowser\Tor\tor.exe

C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

C:\Users\Admin\AppData\Local\Temp\tmpe_r2kawl\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI34282\pyexpat.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI34282\nss3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI34282\mozglue.dll

C:\Users\Admin\AppData\Local\Temp\_MEI34282\mozavutil.dll

C:\Users\Admin\AppData\Local\Temp\_MEI34282\lgpllibs.dll

C:\Users\Admin\AppData\Local\Temp\_MEI34282\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI34282\Tor Browser\Browser\firefox.exe

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileeF2Wda\extensions.json

memory/916-579-0x0000028CA1700000-0x0000028CA1870000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileeF2Wda\prefs-1.js

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileeF2Wda\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileeF2Wda\prefs.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVBnc6b\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVBnc6b\sessionCheckpoints.json

memory/3888-882-0x000001B5CB570000-0x000001B5CB580000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVBnc6b\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVBnc6b\prefs.js

MD5 1728be71f98459ce851ee63b35df9c88
SHA1 101eeecdef7b7d2b575297bb54cdb91e6a7b6a20
SHA256 ecc885096e008fab6f4b6aed4cee5e685f1f3bd6994e576c90a0157cf7ab84f1
SHA512 e9be084d760a89e2f6bec97495da8c73883978c0f41148f85a67eadced1ff94c289391e26a8490fb584cdd988df1f8ccc9d55977a9332c90ca64c4b8720d4f7e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVBnc6b\startupCache\webext.sc.lz4

MD5 e517651e3b70b339544bc9b192c27592
SHA1 0c8592d4e8cbe7c17c6ed3ebb288856805a8d420
SHA256 11d88aab11ccf14308f11f25d2f1322898519290579f5d0f0b88257080c53d13
SHA512 cc8d1c3de4065151a75ee96e1da1903f50a874c844eac5ef3a490517fbdd0501f34108f9caeeb1252152cf5ce0c3bd449f502371df52e7b36764cd0c94eecf4e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVBnc6b\datareporting\glean\db\data.safe.tmp

MD5 7fba44cb533472c1e260d1f28892d86b
SHA1 727dce051fc511e000053952d568f77b538107bb
SHA256 14fb5cda1708000576f35c39c15f80a0c653afaf42ed137a3d31678f94b6e8bf
SHA512 1330b0f39614a3af2a6f5e1ea558b3f5451a7af20b6f7a704784b139a0ec17a20c8d7b903424cb8020a003319a3d75794e9fe8bc0aeb39e81721b9b2fdb9e031

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVBnc6b\prefs.js

MD5 7e2d065fe7131dec603af38c8be00520
SHA1 e6b95bd9991d749bb3a305fc2927f8ea6b1bbfe2
SHA256 b127e73b4be954f675552d507943b02901eb3e07a45c7b1f64bb14fdad12c4c6
SHA512 6b64b449340c947a367927e720c8652912396d7bf926779096df13c4aa75b76fa162615b22433f80d10122ef3a1e25b26b8d54ce20523a7adae0a56a8d2ba154

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVBnc6b\prefs-1.js

MD5 132690035a7cc80d6391ae4bc7fc8b84
SHA1 996c63edfd3d8dc647e1cd3699fad498d8f7ead8
SHA256 6e4248c04fbac3fd66a9abf1eebb71479b5f62772de394cf56e758cae0f4f321
SHA512 fc091caab740a9922110eae1f189f0be175e042569fde51e1c11ccb123cecfd034dea9fea04ac717a972592e7fb5beaab7cc79adb85ae2f4a969c4d37b55a9fe

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVBnc6b\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVBnc6b\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVBnc6b\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVBnc6b\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVBnc6b\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-09 01:29

Reported

2024-05-09 01:41

Platform

win7-20240419-en

Max time kernel

287s

Max time network

305s

Command Line

"C:\Users\Admin\AppData\Local\Temp\light.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30282\geckodriver.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\light.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30282\geckodriver.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3028 wrote to memory of 576 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Users\Admin\AppData\Local\Temp\light.exe
PID 576 wrote to memory of 3052 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Windows\system32\cmd.exe
PID 576 wrote to memory of 836 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Windows\system32\cmd.exe
PID 3052 wrote to memory of 1640 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 576 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Users\Admin\AppData\Local\Temp\_MEI30282\geckodriver.exe
PID 2812 wrote to memory of 2920 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30282\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe
PID 2920 wrote to memory of 2508 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe
PID 2508 wrote to memory of 236 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\light.exe

"C:\Users\Admin\AppData\Local\Temp\light.exe"

C:\Users\Admin\AppData\Local\Temp\light.exe

"C:\Users\Admin\AppData\Local\Temp\light.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI30282\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI30282\geckodriver.exe --port 49465 --websocket-port 49466

C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFJ67uo

C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFJ67uo

C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe" -contentproc --channel="2508.0.379537868\542669828" -parentBuildID 20240416150000 -prefsHandle 1212 -prefMapHandle 1204 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\browser" - {1cbde0f1-b6d4-47f0-aff0-9979ea5a2287} 2508 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe" -contentproc --channel="2508.1.778277908\109543327" -childID 1 -isForBrowser -prefsHandle 1612 -prefMapHandle 1976 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 896 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\browser" - {b6468dd6-ab53-4fec-9471-bfdc58b23f32} 2508 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe" -contentproc --channel="2508.2.496689560\1434789835" -childID 2 -isForBrowser -prefsHandle 2240 -prefMapHandle 2244 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 896 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\browser" - {b37e0038-48cf-490f-831a-ff3a09594389} 2508 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe" -contentproc --channel="2508.3.1682698246\1379582562" -childID 3 -isForBrowser -prefsHandle 2624 -prefMapHandle 2236 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 896 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\browser" - {fee8e917-17c4-4532-9e0b-af49b17ca4eb} 2508 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe" -contentproc --channel="2508.4.1933065435\1127871624" -childID 4 -isForBrowser -prefsHandle 2600 -prefMapHandle 2732 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 896 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\browser" - {20798f0b-3428-4821-aa05-59fcae3a8eb7} 2508 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe" -contentproc --channel="2508.5.674249346\1836784639" -childID 5 -isForBrowser -prefsHandle 2912 -prefMapHandle 2916 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 896 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\browser" - {31a6eb70-7982-46c2-b3c7-6367e827dc7c} 2508 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe" -contentproc --channel="2508.6.413661723\104807998" -childID 6 -isForBrowser -prefsHandle 3076 -prefMapHandle 3080 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 896 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\browser" - {4640d12b-d516-4962-a510-77686d61f09e} 2508 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30282\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI30282\geckodriver.exe --port 49465 --websocket-port 49466

C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiZi7pj

C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiZi7pj

C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe" -contentproc --channel="2800.0.1940062293\1021477997" -parentBuildID 20240416150000 -prefsHandle 1224 -prefMapHandle 1216 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\browser" - {dc6f2784-2bc3-47a9-a32d-86c06d48ddc3} 2800 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe" -contentproc --channel="2800.1.1612818775\1895986" -childID 1 -isForBrowser -prefsHandle 1704 -prefMapHandle 1948 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\browser" - {4a2c8538-d328-47ee-989c-681fff029761} 2800 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe" -contentproc --channel="2800.2.1657830846\1745902300" -childID 2 -isForBrowser -prefsHandle 2256 -prefMapHandle 2252 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\browser" - {41d92391-93c2-402d-8e18-926ffdc4119d} 2800 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe" -contentproc --channel="2800.3.1058732885\601812057" -childID 3 -isForBrowser -prefsHandle 2600 -prefMapHandle 1128 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\browser" - {fe974a7a-26f5-4815-aecf-d67a474e3965} 2800 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe" -contentproc --channel="2800.4.1192580921\1502990694" -childID 4 -isForBrowser -prefsHandle 1092 -prefMapHandle 1088 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\browser" - {e191e1e7-be3c-4e2e-8399-d6c292c7189b} 2800 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe" -contentproc --channel="2800.5.1087524377\1931583361" -childID 5 -isForBrowser -prefsHandle 2908 -prefMapHandle 2912 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\browser" - {9d6d81a2-b9af-4d13-9c59-8dade78cf695} 2800 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe" -contentproc --channel="2800.6.1732572864\1815916802" -childID 6 -isForBrowser -prefsHandle 3064 -prefMapHandle 3068 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\browser" - {2e1f5040-fe68-4d3d-8bb6-a379f28a54ae} 2800 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30282\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI30282\geckodriver.exe --port 49465 --websocket-port 49466

C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilep8wCkU

C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilep8wCkU

C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe" -contentproc --channel="2384.0.1085777837\1408805205" -parentBuildID 20240416150000 -prefsHandle 1212 -prefMapHandle 1204 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\browser" - {7cba53c9-d557-45dc-b1cf-9bbaf741d3ce} 2384 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe" -contentproc --channel="2384.1.949225416\61189628" -childID 1 -isForBrowser -prefsHandle 1636 -prefMapHandle 1604 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\browser" - {8815cad2-3492-435b-b26b-fe9adc305022} 2384 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe" -contentproc --channel="2384.2.1835362133\550891736" -childID 2 -isForBrowser -prefsHandle 2236 -prefMapHandle 2232 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\browser" - {2e66afc0-8af1-4fd3-8193-d0b2913f5177} 2384 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe" -contentproc --channel="2384.3.1861467779\1294718925" -childID 3 -isForBrowser -prefsHandle 2224 -prefMapHandle 2428 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\browser" - {f43de48d-4af9-4d19-9a14-074f2e247e5b} 2384 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe" -contentproc --channel="2384.4.403632567\1413526231" -childID 4 -isForBrowser -prefsHandle 2456 -prefMapHandle 2300 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\browser" - {cb5f8ec4-6c84-469a-8abb-388f077ba8e6} 2384 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe" -contentproc --channel="2384.5.554070798\2083107448" -childID 5 -isForBrowser -prefsHandle 2840 -prefMapHandle 2844 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\browser" - {66bf0e47-2b13-4e62-bd11-936a6d8383ac} 2384 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe" -contentproc --channel="2384.6.1432656154\1771001873" -childID 6 -isForBrowser -prefsHandle 2996 -prefMapHandle 3000 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\browser" - {b768d9c4-7b3f-4940-b087-7f50d5b9653b} 2384 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\firefox.exe" -contentproc --channel="2384.7.161067413\223225794" -childID 7 -isForBrowser -prefsHandle 3208 -prefMapHandle 2844 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30282\Tor Browser\Browser\browser" - {8ceca073-6307-46c2-9365-9181aeaa479d} 2384 tab

Network


Files


C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiZi7pj\prefs-1.js

MD5 7ddb2f7a81cd76e8813d7f6584c3af66
SHA1 f285c856b0e080c4d1ce02f0615ec86c137ca68e
SHA256 0c0c91fd9c6135577b4cd94d2716d61c9ad018b75e6654aa1020b89499a0fa0c
SHA512 9b4c7e7ac0c4f990b23c6a6edf994469171b0057ed7be72fbaefa1fb1528c41c29a0f97e8fbbd5c90db9559d9fdf729667536240355fade4e143f429a54c5461

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiZi7pj\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiZi7pj\sessionCheckpoints.json.tmp

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiZi7pj\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiZi7pj\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilep8wCkU\user.js

MD5 736db8c9b955f72129a6644a9c797093
SHA1 59f1c80c407e27ffe85407a82f7b7250c5ee3753
SHA256 668694ca0485bfb77e7049bad327ba3f83534f31c1d50744f227c996eab4097f
SHA512 9916d339304272357ff56976bfcb9fd2d607ccbaa33dc40b88618c9ae31833923d3f2e8288cfc1f0090da90803b5e07404c41182155db2d2345df6f63020f217

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilep8wCkU\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilep8wCkU\prefs-1.js

MD5 57735c23820db1ce935e0f21fce4a9d3
SHA1 425621e61f0461c74f51e24fe5643ab0f2d2cfcd
SHA256 3260ab6627ab6346f02e265641b22223ca4d9a1fbf4d8f0b4cd3ea417080680a
SHA512 fc252e76d7c9e3743c30f7abdb338c5897cc40a9b1666ed08f257fb6a8f231a70d89f4dcfae1e8580c6dc37d6c3ae24b2d0d8f291ee70d38655c190074ad2e8c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilep8wCkU\prefs-1.js

MD5 409ec0d88989f5ab26d39caca75dc57f
SHA1 7c39871a57328e27dd53c6dabf37bad7a66c2bed
SHA256 2daec0836a351c1bd2036dfdcd7061d31beaa614d779202ef2c8308f1964879e
SHA512 ffcb48485feed872ab55b906ee4597b78cd074423b9e4011032c543cd1109b545d84630a4a78aad818736193aab7223d17298eb2e07669ade2ec721facebb93f

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-09 01:29

Reported

2024-05-09 01:41

Platform

win10v2004-20240426-en

Max time kernel

295s

Max time network

308s

Command Line

"C:\Users\Admin\AppData\Local\Temp\light.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30642\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\light.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3064 wrote to memory of 2504 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Users\Admin\AppData\Local\Temp\light.exe
PID 2504 wrote to memory of 456 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Windows\system32\cmd.exe
PID 2504 wrote to memory of 4868 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Windows\system32\cmd.exe
PID 456 wrote to memory of 5028 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 2504 wrote to memory of 3304 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Users\Admin\AppData\Local\Temp\_MEI30642\geckodriver.exe
PID 3304 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30642\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe
PID 3936 wrote to memory of 780 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe
PID 780 wrote to memory of 3404 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe
PID 780 wrote to memory of 3404 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe
PID 780 wrote to memory of 3404 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe
PID 780 wrote to memory of 3404 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe
PID 780 wrote to memory of 3404 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe
PID 780 wrote to memory of 3404 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe
PID 780 wrote to memory of 3404 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe
PID 780 wrote to memory of 3404 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe
PID 780 wrote to memory of 3404 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe
PID 780 wrote to memory of 3404 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe
PID 780 wrote to memory of 3404 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe
PID 780 wrote to memory of 3404 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe
PID 780 wrote to memory of 3404 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe
PID 780 wrote to memory of 3404 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe
PID 780 wrote to memory of 3404 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe
PID 780 wrote to memory of 3404 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe
PID 780 wrote to memory of 3404 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe
PID 780 wrote to memory of 3404 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe
PID 780 wrote to memory of 3404 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe
PID 780 wrote to memory of 3404 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\light.exe

"C:\Users\Admin\AppData\Local\Temp\light.exe"

C:\Users\Admin\AppData\Local\Temp\light.exe

"C:\Users\Admin\AppData\Local\Temp\light.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI30642\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI30642\geckodriver.exe --port 59420 --websocket-port 59421

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 59421 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileA8xc1e

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 59421 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileA8xc1e

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe" -contentproc --channel="780.0.1391010047\926742739" -parentBuildID 20240416150000 -prefsHandle 1676 -prefMapHandle 1668 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\browser" - {cca74ada-b058-4654-934a-6b7b964355bd} 780 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe" -contentproc --channel="780.1.2097135735\1294304419" -childID 1 -isForBrowser -prefsHandle 2652 -prefMapHandle 2648 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\browser" - {bfa501df-d259-438e-9c4b-49e0c85f4ce6} 780 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe" -contentproc --channel="780.2.1058437868\2067763275" -childID 2 -isForBrowser -prefsHandle 3192 -prefMapHandle 3188 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\browser" - {19b58ace-bb54-4c65-95fc-6d3032d6ae3b} 780 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe" -contentproc --channel="780.3.625817095\1960372694" -childID 3 -isForBrowser -prefsHandle 3212 -prefMapHandle 3328 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\browser" - {dbdefbd5-077d-4bd1-b9f6-dec1e335e04e} 780 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe" -contentproc --channel="780.4.644207706\263898646" -childID 4 -isForBrowser -prefsHandle 3896 -prefMapHandle 3892 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\browser" - {5ecca570-3f23-4897-85fe-928bb39db054} 780 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe" -contentproc --channel="780.5.1842382738\970819950" -childID 5 -isForBrowser -prefsHandle 3432 -prefMapHandle 3372 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\browser" - {d0de285f-6123-4b29-b538-fc8b68c3ca39} 780 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe" -contentproc --channel="780.6.571529680\2121356039" -childID 6 -isForBrowser -prefsHandle 3412 -prefMapHandle 3416 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\browser" - {37780c0c-9c01-4a38-b377-0814516a7df0} 780 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30642\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI30642\geckodriver.exe --port 59420 --websocket-port 59421

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 59421 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilerj56Yn

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 59421 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilerj56Yn

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe" -contentproc --channel="4356.0.1367251738\817962599" -parentBuildID 20240416150000 -prefsHandle 1684 -prefMapHandle 1676 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\browser" - {d2cc5b18-6c21-4e2a-9bf6-c1c6c902cfbf} 4356 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe" -contentproc --channel="4356.1.1393522550\302278145" -childID 1 -isForBrowser -prefsHandle 2612 -prefMapHandle 2828 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\browser" - {a1d156c7-5cad-4aca-a917-51db4e220899} 4356 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe" -contentproc --channel="4356.2.5223537\902340121" -childID 2 -isForBrowser -prefsHandle 3180 -prefMapHandle 3176 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\browser" - {36a11551-052e-46bf-9232-5266c9e63287} 4356 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe" -contentproc --channel="4356.3.85823279\348942983" -childID 3 -isForBrowser -prefsHandle 3184 -prefMapHandle 3628 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\browser" - {0a292cc8-c474-4016-bbca-fa57698c599a} 4356 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe" -contentproc --channel="4356.4.2095152161\91028894" -childID 4 -isForBrowser -prefsHandle 3892 -prefMapHandle 3888 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\browser" - {5dd05021-57bb-456b-8fac-26a4da39fd10} 4356 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe" -contentproc --channel="4356.5.2014923725\99019426" -childID 5 -isForBrowser -prefsHandle 4040 -prefMapHandle 4044 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\browser" - {c5d6f010-a3e9-46fc-a139-bdb7f3f4287b} 4356 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe" -contentproc --channel="4356.6.738135268\1950090186" -childID 6 -isForBrowser -prefsHandle 4232 -prefMapHandle 4236 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\browser" - {722bc19f-df55-424e-b7a7-c05e5c5d5898} 4356 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30642\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI30642\geckodriver.exe --port 59420 --websocket-port 59421

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 59421 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMg1vWw

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 59421 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMg1vWw

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe" -contentproc --channel="3776.0.873036598\1709720397" -parentBuildID 20240416150000 -prefsHandle 1676 -prefMapHandle 1668 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\browser" - {42e5b41a-2589-4753-9eea-d0891643fa01} 3776 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe" -contentproc --channel="3776.1.786162373\1918920963" -childID 1 -isForBrowser -prefsHandle 2472 -prefMapHandle 2468 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\browser" - {f6b6209d-1b40-4fe7-99a1-e0aa8412e10e} 3776 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe" -contentproc --channel="3776.2.120120070\237615786" -childID 2 -isForBrowser -prefsHandle 3180 -prefMapHandle 3176 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\browser" - {d37737d9-26fd-497a-9283-cb7d5f2310b0} 3776 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe" -contentproc --channel="3776.3.1732413645\323730575" -childID 3 -isForBrowser -prefsHandle 3280 -prefMapHandle 3268 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\browser" - {06a7e02d-0459-4ab7-a3b4-9a18f7d731fa} 3776 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe" -contentproc --channel="3776.4.236816349\948589965" -childID 4 -isForBrowser -prefsHandle 3824 -prefMapHandle 3820 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\browser" - {c74f093d-267f-46ff-b7eb-28c127438fba} 3776 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe" -contentproc --channel="3776.5.164140482\513914186" -childID 5 -isForBrowser -prefsHandle 3968 -prefMapHandle 3972 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\browser" - {316b6595-c0fc-4cf7-939e-5f09a30ee5dd} 3776 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe" -contentproc --channel="3776.6.944183949\499873631" -childID 6 -isForBrowser -prefsHandle 4164 -prefMapHandle 4168 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\browser" - {70cd6728-942f-40af-b7b6-6cd01776a604} 3776 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30642\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI30642\geckodriver.exe --port 59420 --websocket-port 59421

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 59421 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilemA9q0s

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 59421 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilemA9q0s

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe" -contentproc --channel="3528.0.216175464\1109517031" -parentBuildID 20240416150000 -prefsHandle 1664 -prefMapHandle 1656 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\browser" - {9fd27a78-e9ef-4a94-b39c-9a87691f3639} 3528 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe" -contentproc --channel="3528.1.628684820\316716434" -childID 1 -isForBrowser -prefsHandle 2512 -prefMapHandle 2536 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\browser" - {fe6c5880-d7d5-455c-a96c-7d79b593b534} 3528 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe" -contentproc --channel="3528.2.1531537103\129609706" -childID 2 -isForBrowser -prefsHandle 3192 -prefMapHandle 3188 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\browser" - {97c63484-e993-4a64-b2aa-6e3fcb26d90f} 3528 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe" -contentproc --channel="3528.3.345973920\208145892" -childID 3 -isForBrowser -prefsHandle 3316 -prefMapHandle 3304 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\browser" - {bda50635-1b09-4e12-b1e7-b7e92642f2b4} 3528 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe" -contentproc --channel="3528.4.971052843\756932349" -childID 4 -isForBrowser -prefsHandle 3620 -prefMapHandle 3624 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\browser" - {df16361a-9806-44a5-b245-c526615407b9} 3528 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe" -contentproc --channel="3528.5.1029931621\661118875" -childID 5 -isForBrowser -prefsHandle 4056 -prefMapHandle 4060 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\browser" - {5ea0e281-85a8-4d64-be73-79782f06562b} 3528 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe" -contentproc --channel="3528.6.1507212932\1571733941" -childID 6 -isForBrowser -prefsHandle 4280 -prefMapHandle 4216 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\browser" - {c707292d-9609-4f40-94c1-fd948ee5b0af} 3528 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30642\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI30642\geckodriver.exe --port 59420 --websocket-port 59421

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 59421 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileozMz17

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 59421 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileozMz17

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe" -contentproc --channel="940.0.388032015\200502727" -parentBuildID 20240416150000 -prefsHandle 1684 -prefMapHandle 1676 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\browser" - {24be1d75-7494-4c4a-aabd-524e77848b0f} 940 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe" -contentproc --channel="940.1.1845806824\757084040" -childID 1 -isForBrowser -prefsHandle 2852 -prefMapHandle 2848 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\browser" - {d5dcbe5d-5c2f-428d-b97b-bc1d29c46358} 940 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe" -contentproc --channel="940.2.344458089\309573979" -childID 2 -isForBrowser -prefsHandle 3220 -prefMapHandle 3216 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\browser" - {9de3e514-0a0b-497c-87e1-478448d2f6d4} 940 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe" -contentproc --channel="940.3.1395171617\24728222" -childID 3 -isForBrowser -prefsHandle 3244 -prefMapHandle 3256 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\browser" - {ee639213-0004-4996-a330-dc448075bf35} 940 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe" -contentproc --channel="940.4.1577709554\46371706" -childID 4 -isForBrowser -prefsHandle 3844 -prefMapHandle 4024 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\browser" - {082e51d8-6499-46b2-92ef-636c433146c3} 940 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe" -contentproc --channel="940.5.1381716768\1566644226" -childID 5 -isForBrowser -prefsHandle 4048 -prefMapHandle 4064 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\browser" - {d1d3ef3c-7be8-4d4b-85cf-d1f052da4fb4} 940 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe" -contentproc --channel="940.6.594294907\669600896" -childID 6 -isForBrowser -prefsHandle 4136 -prefMapHandle 4140 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\browser" - {59e5a55c-9f5a-4f2f-ba6c-bae06c2331dd} 940 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe" -contentproc --channel="940.7.733536186\552671490" -childID 7 -isForBrowser -prefsHandle 2800 -prefMapHandle 4176 -prefsLen 25367 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\browser" - {c466327c-c0e8-41d3-977b-ad9bb188c006} 940 tab

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Temp\_MEI30642\base_library.zip

C:\Users\Admin\AppData\Local\Temp\_MEI30642\libffi-7.dll

C:\Users\Admin\AppData\Local\Temp\_MEI30642\_bz2.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI30642\_socket.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI30642\libcrypto-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI30642\_ssl.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI30642\select.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI30642\_queue.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 47539d0337e97e22a728afc2638d461f
SHA1 d97b37079543b33b9b605c787945f809aed66fd6
SHA256 262e52c5bbaa9bcd2dfcb4cf7da83a1efa95ebd0299f82031ad31a6ab19405a5
SHA512 3810ebe80173d41785a42459fc5c4a8a31e56294f2c03fe99416925a34d242b88023565057201c9b6dcbdb97c8396d8305a723c0e31bb5b560b031b299672d4a

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 dff7c11471a2f55c9dcdbffacbdd24e6
SHA1 a86bf99113b0118aaeca6ff79a53d2b1a68b85a8
SHA256 88a08a38f16810abfce451d234a6e02bf61a808bce1a897b6dbc399d0e1a90f5
SHA512 f56698f649e4b688dcc2bd4b4f573bcf5ef4a5464290f82766e5bfe35c9f85ca2d619f6800b86356c31b9d4875d8e46909a07166593da8cca5f612069d836b48

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 b5c12d055da1a860c64e12fa500bf3df
SHA1 a609d35d60c8fb3b95e1c6d8d632ab4abcb56577
SHA256 0d2bcf89b48e95fe3b4a9b58e6cd24c1731559bd15f43cb3adb7421f67f00ee6
SHA512 0c0c75e4048c51af99ca26f7eae072ca4d432b09802cab168c467ce1801603594046e1a873502546d76e7b573a182b47a145ef885a3b12c86cebce751a84a303

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\_MEI30642\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI30642\geckodriver.exe

MD5 f60c542253cbe94f762e15c7b064b55d
SHA1 7a32f034217266db6d799893edc976e891a82944
SHA256 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa
SHA512 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\tmph0ri729d\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI30642\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

C:\Users\Admin\AppData\Local\Temp\_MEI30642\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

C:\Users\Admin\AppData\Local\Temp\_MEI30642\top-1m.csv

MD5 11136fa0eb32dbafb2979b5c07816a51
SHA1 783b6bba1043b11a3850ba5c922e39bb1409d094
SHA256 98c29fb0f6ecdff973c17b62389b8892a69bda49e2dd0c0ca888ebf4ae1f322f
SHA512 3f20d5d0f977dc1661bdf98394674ac5c3b1d85873d6ddc1c2a430ae2d0d46d517473c9884e60474093dcac5436d8aab64d98c0e56532edc49b449822aecec49

C:\Users\Admin\AppData\Local\Temp\_MEI30642\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI30642\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\tmph0ri729d\webdriver-py-profilecopy\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI30642\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI30642\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI30642\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI30642\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

C:\Users\Admin\AppData\Local\Temp\_MEI30642\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

C:\Users\Admin\AppData\Local\Temp\_MEI30642\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\_MEI30642\python38.dll

MD5 26ba25d468a778d37f1a24f4514d9814
SHA1 b64fe169690557656ede3ae50d3c5a197fea6013
SHA256 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128
SHA512 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

C:\Users\Admin\AppData\Local\Temp\_MEI30642\Tor Browser\Browser\firefox.exe

MD5 65aa9b0f57d72e4d70e9226322221adc
SHA1 85fec174d0977afd8c0100c9d9b53c958e1949bf
SHA256 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410
SHA512 f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 80e882ce8268212cf4db9fbe44f95336
SHA1 85abc152168a20d8db2c6501aa43a97ea72efc8c
SHA256 32c7fa19bdf922f35368bbda1fd91b30fae89f7e8615c8224901e4e3454ee937
SHA512 eb6fc2086c0c5b1e2207c675e49713961246559ade42f65f5e1d51e6139e503eacceaa57542664f7161dc320df0403d90bc85e499aa2d0f09c4a3d4236920cd5

memory/4864-491-0x00007FFF2EB50000-0x00007FFF2EB51000-memory.dmp

memory/4864-490-0x00007FFF2DAE0000-0x00007FFF2DAE1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileA8xc1e\extensions.json

MD5 485b3ac836ffbed110336aa29be69a88
SHA1 53a0dddf8a6ec8577866b3b89060d2bb09e1177d
SHA256 81dce043cf3c7a44440c27411c26af9e834f329ce3d1255bfe319b144eddb60d
SHA512 d20c67e18476af661bf2023d2f0cb06293a1e9a6515bcf4c295c629197e317d25f13501649c26b88f5c37ad9db3bbe9dd54706e2293a4b524b0190966725487c

memory/780-546-0x0000022FAFCA0000-0x0000022FAFCB0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileA8xc1e\prefs.js

MD5 b185a39e820d3990ce86bf898874b261
SHA1 ce7ea7c2cbc554c68121139b87dbec11ee4092cc
SHA256 3a33a911ccb7ad0b90f9667f31c1e01f9989a19dabecce407b640d57d925ddfc
SHA512 cdf0ce33a75d71a198b0a2ac2f89aed8713a60a84ae3700005f0aae478216f36bc638bda888f54d96aee6e49ccaf07aaf907f2136bb80481b9372cc156ea7445

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileA8xc1e\prefs-1.js

MD5 77b058c3d402039ae7943c5a5e222bb4
SHA1 c9a0a29d6bd9b0d09794034439d1cc7096eb7bf4
SHA256 9acd8c217b98e814a4d425591b03796ad6e076dffc8a07f164ba05497e710440
SHA512 fd4c30bdaaa903243be9be4b43fab14bcefd9efffb189ef1ff718ac342fe18d38278a01b746823af853701bb53a1acdef49bc635108accd2c5ed4ff7bb249bc7

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileA8xc1e\prefs-1.js

MD5 9bbc96add5a1adaa87f41719161df4f9
SHA1 b0c3248bb25d3f87af72c74181f07cefd10dcec4
SHA256 efb92a59d0a4ae3def8bcf468fdd50cb958e6897aa6823f6ff180ef8fade7dae
SHA512 55cb72a7e6664d630be26bf55e4e795e811bd98b11bb3f11ddd0ea15e78727c079ffaa152d999d175ab5c607f46e9c61655d21ea5c15de5cc54dba6d0c162a70

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilerj56Yn\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilerj56Yn\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

memory/4356-836-0x000001A852CA0000-0x000001A852CB0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilerj56Yn\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilerj56Yn\startupCache\webext.sc.lz4

MD5 92cc276e6f415daa8bc5a0903df46c61
SHA1 8d99bf76df148525a57e9d73b2d543ee8d8db466
SHA256 d38dea33c91fcfc61fb395adffda6c58631d6dbea12797de079f03ac1f6eaef9
SHA512 38211b519963fe1444087eac79f5cbac76421aa49c5e8ee641b3ca18f033376713a0c5f0597126012facd9cd3b4f67745edf99d2c92b0b525fccfbb41008f5f1

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilerj56Yn\prefs.js

MD5 db6ac301b2bd9a5e05777d3af94d790c
SHA1 7c1d05ea8f7908fe8c57d77de393896eab1d1e3e
SHA256 ed3592372b012f04823bf85ed10844a91be5145b45a397204753cfad5bcde5b2
SHA512 3cf56b6af80ab488b19b3493cb7db4c3d7e93e4f000a2cbf174b1975e8db148f0fe56a2394a504adc71335f376643d83d419fcb1d1c0ae6486a5bfd7ef42fd55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilerj56Yn\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 056976b5236c0e97a2e6f13edeb3a134
SHA1 ca1e34687c43b5312b349bee0008104e316afe8d
SHA256 3d125792162e246e05463e6cabc21b39edee5db12ec675673d40a6a4be3b3d08
SHA512 aded3ab6963715c98949f64ff1dfd0904f120434288465155f7c206a66ab3a683e4fe628ca433284f3a59bc212dc4b64c9f54ca31651360f4992c6478cb2d70a

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilerj56Yn\prefs-1.js

MD5 7a24b4f0f5a49d0d778e5bca28b77f2e
SHA1 6745aef752f48fde99d3faaa2bbf2fe9ce4023c9
SHA256 485aff71a676fda6a8a664caa6d2c6b739c062cfe405a84f6f04649e005a6f4c
SHA512 f849eac9b3b381cc7dc98d44d940727eb432b1cd7d4e7092f27c4361d3c5728ce0950a5393c7c6e2fa140717e33e9bd93d38dd848b1598f76382eb18b22f316b

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilerj56Yn\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilerj56Yn\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilerj56Yn\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilerj56Yn\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMg1vWw\user.js

MD5 736db8c9b955f72129a6644a9c797093
SHA1 59f1c80c407e27ffe85407a82f7b7250c5ee3753
SHA256 668694ca0485bfb77e7049bad327ba3f83534f31c1d50744f227c996eab4097f
SHA512 9916d339304272357ff56976bfcb9fd2d607ccbaa33dc40b88618c9ae31833923d3f2e8288cfc1f0090da90803b5e07404c41182155db2d2345df6f63020f217

memory/3776-1137-0x0000013DAAFC0000-0x0000013DAAFD0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMg1vWw\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMg1vWw\sessionCheckpoints.json.tmp

MD5 29ce37dc02c78bbe2e5284d350fae004
SHA1 bab97d5908ea6592aef6b46cee1ded6f34693fa2
SHA256 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693
SHA512 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMg1vWw\prefs-1.js

MD5 7e2048035f5284cab7efcd9e0031e254
SHA1 bb4e9315c8be25a1d21a9789e390dd2e3b311dab
SHA256 9bc41e83b6c9b2e4ab8161c8ff5381fb7b1ea59a72b6bf8f91f7f907767ebdd3
SHA512 7216457865843aeb7ea33542118638793c6ce737112985279928f7dd8d52a403793bc996a194587c327adb25d503e056132f1d3b37b6e51078b283af0e4cbb2b

memory/3528-1329-0x000001889D990000-0x000001889D9A0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilemA9q0s\datareporting\glean\db\data.safe.tmp

MD5 63b1bb87284efe954e1c3ae390e7ee44
SHA1 75b297779e1e2a8009276dd8df4507eb57e4e179
SHA256 b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a
SHA512 f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilemA9q0s\datareporting\glean\db\data.safe.tmp

MD5 c58234a092f9d899f0a623e28a4ab9db
SHA1 7398261b70453661c8b84df12e2bde7cbc07474b
SHA256 eaec709a98b57cd9c054a205f9bfa76c7424db2845c077822804f31e16ac134c
SHA512 ae2724fc45a8d9d26e43d86bcc7e20f398d8ab4e251e89550087ace1311c4d2571392f2f0bed78da211fcb28766779c1853b80742faa69f722b2c44c283569fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilemA9q0s\prefs.js

MD5 62aa5078509242f6dd04fc4d530de2db
SHA1 3f657e58c83dca64e8a1e7fc4f123566b1a0de26
SHA256 8bf3eaa85ee8818a9c1d8275ac943ab1c626704d798f7476f089f33d38d6cc4a
SHA512 4a07d7ec97d399e33463e765cb4d5c4c4955703661d88cd4aa32f163b734f1703b8b67b8c1b8a932d2bee76b49f37baebdc53cc461fc4ca7ff309cdfb1834aa8

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileozMz17\compatibility.ini

MD5 40a9f2ac3998e69f8aca47fa006f62a9
SHA1 5cfb15554fa89841b8a7c1137f919f82ba2e388f
SHA256 d86ded6027eccfdafc430a940bad57e2b252a08091f6433aad2bb089f4888b9a
SHA512 f90028553e4c4a0ad5e470a52fc6c72371be0ce2479458368786d07c6497c5560f8c11c84e52891331c772149bd1415631b813eaffe1379fda0cc6cbf927408c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileozMz17\WebDriverBiDiServer.json

MD5 b97bd8f843de3630884b3ac8be7983f4
SHA1 23bf652d14de1a7373aede5493e529e871044a38
SHA256 47b126e9ab756eaa5b12eca4728f9c0df6d5fb4c8cb289c975b52facb93f7a8a
SHA512 c66e5d43a911a165c3114881a08f75a672b7de79ae094517572593fee721ab6bcf60afd27645b502ae3e778d123c6f778cdf2164300386f85364bcb8192df98c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileozMz17\datareporting\glean\db\data.safe.tmp

MD5 1c3c58f7838dde7f753614d170f110fc
SHA1 c17e5a486cecaddd6ced7217d298306850a87f48
SHA256 81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d
SHA512 9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileozMz17\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 e6c3bac1e5911b4248f439b28b991dfa
SHA1 a1a48c730006f41a2529557985fa2d1c2c48bf8c
SHA256 2c75c908c0a8490fc89efaac02d3fc2f6740e8e517c254e2b458456b1d7306a9
SHA512 276f57861d3cc5fe9a911f88c74032f67a0eeb5e588f1c8fc884c2ad238537a04d54f32298f52b4df26becd1a38d8f6e379c445793eb9e5591953133b0acff8f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileozMz17\prefs-1.js

MD5 76ee4f5eee528a37a6eb7eceb73038a8
SHA1 0f48802bbe5ed5bbc43511b777591e12bc7585cd
SHA256 64c1e78ac5e928138c0a96912a3ef413b85c0a53828902fe193f65132daf4174
SHA512 5a7c7d45ec5b0d4f1d6b39d6a74f61d2c9ca9c5b1a0a975cb25c7194669090ce2b74ba56c347239c80f74e101a19d9d70e94adcca4b507a522039e05a4a066eb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileozMz17\prefs-1.js

MD5 4a13249c53ce00cca81a57efad707a0f
SHA1 71de902b9c26084a9c7a3547daba24fbc373d3f7
SHA256 992c7c5c4a94818a73ef2f32acc3efbf4f2af415fc589bd6b78f6bf1509143ee
SHA512 172820ad7f1d210467fff6e58ad75cb45a61855570a1b5669044ab515e4c77f05b7493ef39542edd0cabe1fbb21c8d6a1e2588e06ffed99c6da5bd2c989d3d8e

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-09 01:29

Reported

2024-05-09 01:41

Platform

win11-20240426-en

Max time kernel

299s

Max time network

305s

Command Line

"C:\Users\Admin\AppData\Local\Temp\light.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI8602\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI8602\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\light.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 860 wrote to memory of 3388 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Users\Admin\AppData\Local\Temp\light.exe
PID 3388 wrote to memory of 4192 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Windows\system32\cmd.exe
PID 3388 wrote to memory of 1228 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Windows\system32\cmd.exe
PID 4192 wrote to memory of 2692 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 3388 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\light.exe C:\Users\Admin\AppData\Local\Temp\_MEI8602\geckodriver.exe
PID 2112 wrote to memory of 2868 N/A C:\Users\Admin\AppData\Local\Temp\_MEI8602\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe
PID 2868 wrote to memory of 1652 N/A C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe
PID 1652 wrote to memory of 3560 N/A C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\light.exe

"C:\Users\Admin\AppData\Local\Temp\light.exe"

C:\Users\Admin\AppData\Local\Temp\light.exe

"C:\Users\Admin\AppData\Local\Temp\light.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI8602\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI8602\geckodriver.exe --port 50020 --websocket-port 50021

C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50021 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSDFLTg

C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50021 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSDFLTg

C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe" -contentproc --channel="1652.0.55232044\1583327939" -parentBuildID 20240416150000 -prefsHandle 1700 -prefMapHandle 1680 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\browser" - {a0f2d338-f000-4586-b00f-07fe389751a5} 1652 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe" -contentproc --channel="1652.1.765414080\211844479" -childID 1 -isForBrowser -prefsHandle 2628 -prefMapHandle 2544 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\browser" - {df000fca-9dbe-44f5-be3d-ff2dfc116784} 1652 tab

C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe" -contentproc --channel="1652.2.1990271692\779913602" -childID 2 -isForBrowser -prefsHandle 2464 -prefMapHandle 2520 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\browser" - {ad3daaa7-4de3-4dd9-9082-329eee9ee2f8} 1652 tab

C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe" -contentproc --channel="1652.3.86948630\1154200878" -childID 3 -isForBrowser -prefsHandle 3576 -prefMapHandle 3528 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\browser" - {807c8474-ffc3-4cb3-9eba-bfe32855a720} 1652 tab

C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe" -contentproc --channel="1652.4.469612732\160215260" -childID 4 -isForBrowser -prefsHandle 3720 -prefMapHandle 3716 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\browser" - {2bac77a6-5807-40da-b269-2a762a4a4bd6} 1652 tab

C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe" -contentproc --channel="1652.5.668422853\419091426" -childID 5 -isForBrowser -prefsHandle 3868 -prefMapHandle 3872 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\browser" - {ec08f8ed-a99e-4540-ab1f-34002a8cee7f} 1652 tab

C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe" -contentproc --channel="1652.6.1606514135\1445158620" -childID 6 -isForBrowser -prefsHandle 4052 -prefMapHandle 4056 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\browser" - {78f1e883-1a9a-4e34-800e-3e12d8ef112c} 1652 tab

C:\Users\Admin\AppData\Local\Temp\_MEI8602\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI8602\geckodriver.exe --port 50020 --websocket-port 50021

C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50021 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileoSYzjQ

C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50021 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileoSYzjQ

C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4128.0.1212118650\379311888" -parentBuildID 20240416150000 -prefsHandle 1700 -prefMapHandle 1692 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\browser" - {f7eaccdf-1843-4c2c-87e1-e0b24b660c5b} 4128 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4128.1.834748809\1614794394" -childID 1 -isForBrowser -prefsHandle 2928 -prefMapHandle 2636 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1228 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\browser" - {d1522ed8-cb8e-41bb-928e-3ba46b92b9ac} 4128 tab

C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4128.2.234641627\874110069" -childID 2 -isForBrowser -prefsHandle 3132 -prefMapHandle 3128 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1228 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\browser" - {83c812f8-b127-4133-b8c4-1898aff0b416} 4128 tab

C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4128.3.1692565661\1571099298" -childID 3 -isForBrowser -prefsHandle 3508 -prefMapHandle 3504 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1228 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\browser" - {ba792ae2-f19d-408c-8816-4e6581b7302d} 4128 tab

C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4128.4.77926306\547149489" -childID 4 -isForBrowser -prefsHandle 1772 -prefMapHandle 3628 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1228 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\browser" - {f755617e-865a-4506-b262-9d2b2aa6a990} 4128 tab

C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4128.5.951841129\1460669543" -childID 5 -isForBrowser -prefsHandle 3864 -prefMapHandle 3868 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1228 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\browser" - {f87ff678-e4ef-4dd6-8e70-9bfccf792bd2} 4128 tab

C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4128.6.973362961\1415500113" -childID 6 -isForBrowser -prefsHandle 1540 -prefMapHandle 1580 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1228 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\browser" - {e42ff074-53b3-460a-b241-5b76a41d5781} 4128 tab

C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4128.7.239804064\727991850" -childID 7 -isForBrowser -prefsHandle 4444 -prefMapHandle 4448 -prefsLen 25367 -prefMapSize 245849 -jsInitHandle 1228 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\browser" - {f2e21dc7-252f-485d-86fc-1283cf57b70d} 4128 tab

C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4128.8.118580361\596291366" -parentBuildID 20240416150000 -prefsHandle 2268 -prefMapHandle 2436 -prefsLen 27675 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\browser" - {0fd4ddb7-e2c4-4f21-88fd-2c9ba2f4340c} 4128 rdd

C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4128.9.1875925382\1238649094" -parentBuildID 20240416150000 -sandboxingKind 1 -prefsHandle 2652 -prefMapHandle 4468 -prefsLen 27675 -prefMapSize 245849 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\browser" - {3d749e84-10ff-4224-b901-4dd65c9b620b} 4128 utility

Network

Files

C:\Users\Admin\AppData\Local\Temp\_MEI8602\python38.dll

C:\Users\Admin\AppData\Local\Temp\_MEI8602\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI8602\base_library.zip

C:\Users\Admin\AppData\Local\Temp\_MEI8602\libffi-7.dll

C:\Users\Admin\AppData\Local\Temp\_MEI8602\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI8602\_bz2.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI8602\_lzma.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI8602\_ssl.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI8602\_hashlib.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI8602\_socket.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI8602\_queue.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI8602\select.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI8602\libssl-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\TorBrowser\Tor\tor.exe

C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

C:\Users\Admin\AppData\Local\Temp\tmp6sjvusjl\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI8602\libcrypto-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI8602\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI8602\top-1m.csv

C:\Users\Admin\AppData\Local\Temp\_MEI8602\pyexpat.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI8602\nss3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI8602\mozglue.dll

C:\Users\Admin\AppData\Local\Temp\_MEI8602\mozavutil.dll

C:\Users\Admin\AppData\Local\Temp\_MEI8602\lgpllibs.dll

C:\Users\Admin\AppData\Local\Temp\_MEI8602\geckodriver.exe

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus

C:\Users\Admin\AppData\Local\Temp\_MEI8602\Tor Browser\Browser\firefox.exe

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSDFLTg\extensions.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSDFLTg\prefs.js

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSDFLTg\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileoSYzjQ\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileoSYzjQ\prefs.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileoSYzjQ\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileoSYzjQ\startupCache\webext.sc.lz4

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileoSYzjQ\broadcast-listeners.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileoSYzjQ\prefs-1.js
