Malware Analysis Report

2025-06-15 20:35

Sample ID 240509-ccf7qaeg32
Target heavy.exe
SHA256 88093c75834d60df3b4b6f4df642bb28dc749f4bd562f587fa8f9e30e97d3c5c
Tags
evasion ransomware trojan pyinstaller
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

88093c75834d60df3b4b6f4df642bb28dc749f4bd562f587fa8f9e30e97d3c5c

Threat Level: Likely malicious

The file heavy.exe was found to be: Likely malicious.

Malicious Activity Summary

evasion ransomware trojan pyinstaller

Renames multiple (55) files with added filename extension

Checks computer location settings

Loads dropped DLL

Executes dropped EXE

Checks whether UAC is enabled

Detects Pyinstaller

Unsigned PE

Enumerates physical storage devices

Checks processor information in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-09 01:57

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-09 01:55

Reported

2024-05-09 02:07

Platform

win11-20240508-en

Max time kernel

300s

Max time network

305s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Renames multiple (55) files with added filename extension

ransomware

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 396 wrote to memory of 5008 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 396 wrote to memory of 5008 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 5008 wrote to memory of 3496 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 5008 wrote to memory of 3496 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 5008 wrote to memory of 3452 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 5008 wrote to memory of 3452 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 3496 wrote to memory of 2576 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 3496 wrote to memory of 2576 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 5008 wrote to memory of 4784 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\geckodriver.exe
PID 5008 wrote to memory of 4784 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\geckodriver.exe
PID 4784 wrote to memory of 4728 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe
PID 4784 wrote to memory of 4728 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe
PID 4728 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe
PID 4728 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe
PID 4728 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe
PID 4728 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe
PID 4728 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe
PID 4728 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe
PID 4728 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe
PID 4728 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe
PID 4728 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe
PID 4728 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe
PID 4728 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe
PID 2532 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe
PID 2532 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe
PID 2532 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe
PID 2532 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe
PID 2532 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe
PID 2532 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe
PID 2532 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe
PID 2532 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe
PID 2532 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe
PID 2532 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe
PID 2532 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe
PID 2532 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe
PID 2532 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe
PID 2532 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe
PID 2532 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe
PID 2532 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe
PID 2532 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe
PID 2532 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe
PID 2532 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe
PID 2532 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe
PID 2532 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe
PID 2532 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe
PID 2532 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe
PID 2532 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe
PID 2532 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe
PID 2532 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe
PID 2532 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe
PID 2532 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe
PID 2532 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe
PID 2532 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe
PID 2532 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe
PID 2532 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe
PID 2532 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe
PID 2532 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe
PID 2532 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe
PID 2532 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe
PID 2532 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe
PID 2532 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe
PID 2532 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe
PID 2532 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe
PID 2532 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI3962\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI3962\geckodriver.exe --port 50006 --websocket-port 50007

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilesZzabq

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilesZzabq

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2532.0.334140246\1111149166" -parentBuildID 20240416150000 -prefsHandle 1764 -prefMapHandle 1756 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {ce2d5ef0-74fe-4e43-bf49-39ae4d1f75fe} 2532 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2532.1.1056419786\882346038" -childID 1 -isForBrowser -prefsHandle 2796 -prefMapHandle 2792 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {3c7d08a7-1119-4182-bfd1-a16d2b9376d4} 2532 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2532.2.1314494593\1056785656" -childID 2 -isForBrowser -prefsHandle 3184 -prefMapHandle 3180 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {1a868a19-58e9-4559-8a52-0e85b56ac9ec} 2532 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2532.3.1462209856\964892130" -childID 3 -isForBrowser -prefsHandle 3452 -prefMapHandle 3616 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {2e1db6fb-dd2d-4015-bc68-077a2b3a86e1} 2532 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2532.4.155837713\1431860918" -childID 4 -isForBrowser -prefsHandle 3880 -prefMapHandle 3876 -prefsLen 25287 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {a4aec250-eace-4ebf-a26c-5a48e17f917a} 2532 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2532.5.1039587746\1241586067" -childID 5 -isForBrowser -prefsHandle 4032 -prefMapHandle 4036 -prefsLen 25287 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {54c94e01-99bb-4765-9319-93c6390fa91a} 2532 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2532.6.152228077\1311703595" -childID 6 -isForBrowser -prefsHandle 4224 -prefMapHandle 4228 -prefsLen 25287 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {901cf8bc-cd72-427a-8b8a-e6893be3fee1} 2532 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2532.7.115425407\217635724" -childID 7 -isForBrowser -prefsHandle 4612 -prefMapHandle 3572 -prefsLen 25287 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {c6991add-e693-4eb7-98cc-73cc25097b04} 2532 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2532.8.1077891108\1758298363" -parentBuildID 20240416150000 -prefsHandle 3192 -prefMapHandle 3584 -prefsLen 27557 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {d027c8c0-84f4-4cf9-bc1b-f394d490993f} 2532 rdd

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2532.9.1120707705\2052674836" -parentBuildID 20240416150000 -sandboxingKind 1 -prefsHandle 4716 -prefMapHandle 3492 -prefsLen 27557 -prefMapSize 245849 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {f3c53f11-aa58-41a1-b975-9a64a25499f9} 2532 utility

C:\Users\Admin\AppData\Local\Temp\_MEI3962\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI3962\geckodriver.exe --port 50006 --websocket-port 50007

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuVJgzF

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuVJgzF

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="4760.0.899561825\437618548" -parentBuildID 20240416150000 -prefsHandle 1708 -prefMapHandle 1672 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {2f77b275-e8e9-4db1-ac61-9815ac560e55} 4760 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="4760.1.1467569637\1703063044" -childID 1 -isForBrowser -prefsHandle 2676 -prefMapHandle 2424 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {f12661c9-a32f-4712-909e-e0c9d40e1b9f} 4760 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="4760.2.1295894746\1559641373" -childID 2 -isForBrowser -prefsHandle 3080 -prefMapHandle 3076 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {97e36e64-6da4-4cc4-bb72-c803dc412884} 4760 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="4760.3.856958683\787993226" -childID 3 -isForBrowser -prefsHandle 3368 -prefMapHandle 3100 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {e194ffed-4424-40e9-aa42-6272af2db46f} 4760 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="4760.4.1438183607\1667121936" -childID 4 -isForBrowser -prefsHandle 3832 -prefMapHandle 3368 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {368ac98e-89cf-4100-826c-52eb4d4f7404} 4760 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="4760.5.1713707139\1768669010" -childID 5 -isForBrowser -prefsHandle 3796 -prefMapHandle 3800 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {20deffbb-698b-4a50-bf0d-d0a1aec98c63} 4760 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="4760.6.141513191\1987964868" -childID 6 -isForBrowser -prefsHandle 3932 -prefMapHandle 3920 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {8baba055-31eb-4d03-aea0-3822514f9373} 4760 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI3962\geckodriver.exe --port 50006 --websocket-port 50007

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiPJVEP

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiPJVEP

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2940.0.1272179198\521068756" -parentBuildID 20240416150000 -prefsHandle 1700 -prefMapHandle 1680 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {dace6e26-d388-4219-9ba1-04cc4686b92f} 2940 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2940.1.809427312\1591346241" -childID 1 -isForBrowser -prefsHandle 2820 -prefMapHandle 2816 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {d5ba2b3b-ea8c-48ee-8201-ac4cb159245f} 2940 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2940.2.166242400\270094341" -childID 2 -isForBrowser -prefsHandle 2544 -prefMapHandle 2364 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {4fdbf841-a5bc-4fde-b536-34bbd6f344f2} 2940 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2940.3.88440404\1197852551" -childID 3 -isForBrowser -prefsHandle 3436 -prefMapHandle 3240 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {112647f0-ce65-4731-9802-57e0a0b67f04} 2940 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2940.4.1954707514\1040844890" -childID 4 -isForBrowser -prefsHandle 1460 -prefMapHandle 2496 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {c38826fa-2b61-44dc-a403-4aef1a46877e} 2940 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2940.5.719666349\19907209" -childID 5 -isForBrowser -prefsHandle 4032 -prefMapHandle 4028 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {d806aa29-7b75-48f0-ab91-eddc08a5ef26} 2940 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2940.6.513531766\1869012979" -childID 6 -isForBrowser -prefsHandle 4144 -prefMapHandle 4148 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {b9e6d865-ff46-4cda-ab1f-be14882e0a03} 2940 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2940.7.1832035150\284488849" -childID 7 -isForBrowser -prefsHandle 4496 -prefMapHandle 4468 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {651ee0a0-8518-4e3d-9744-4682c5ece96f} 2940 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI3962\geckodriver.exe --port 50006 --websocket-port 50007

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekwEHqE

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekwEHqE

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="3440.0.633658084\751227363" -parentBuildID 20240416150000 -prefsHandle 1676 -prefMapHandle 1644 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {ce98a699-d12d-46ca-a8f6-f302e51fdde7} 3440 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="3440.1.78687073\397812084" -childID 1 -isForBrowser -prefsHandle 2652 -prefMapHandle 2888 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {211a49cb-bd06-49cc-9474-ed88e9c49a7c} 3440 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="3440.2.998404612\740521099" -childID 2 -isForBrowser -prefsHandle 2964 -prefMapHandle 2576 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {0302c900-9567-43da-9e02-be96ddcf8ead} 3440 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="3440.3.1519954509\1600413493" -childID 3 -isForBrowser -prefsHandle 3192 -prefMapHandle 2676 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {b7bda6a9-a5f2-430d-9c07-d5aab3b5ea8d} 3440 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="3440.4.1956962701\1381095221" -childID 4 -isForBrowser -prefsHandle 3852 -prefMapHandle 1556 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {537b2561-f181-4bdc-803d-39fb605c59b1} 3440 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="3440.5.574496986\59432241" -childID 5 -isForBrowser -prefsHandle 3928 -prefMapHandle 3932 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {ef7fe2cc-4334-4368-bb91-04a2833ac2c8} 3440 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="3440.6.585955062\102964110" -childID 6 -isForBrowser -prefsHandle 4124 -prefMapHandle 4128 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {f536c066-dc14-4711-9a26-ef9a56c64d56} 3440 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="3440.7.1783780269\1274317391" -childID 7 -isForBrowser -prefsHandle 4484 -prefMapHandle 4488 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {2f16f1aa-e3a6-418b-9842-6ebe5666e902} 3440 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI3962\geckodriver.exe --port 50006 --websocket-port 50007

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHRSRzV

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHRSRzV

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="3196.0.996450026\75751817" -parentBuildID 20240416150000 -prefsHandle 1724 -prefMapHandle 1704 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {5a8a121d-b641-4341-9abf-c4b0ac1bfdb2} 3196 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="3196.1.725211935\1728078847" -childID 1 -isForBrowser -prefsHandle 2612 -prefMapHandle 2388 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {c2611181-4a8e-406d-a0e2-0071cc548497} 3196 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="3196.2.978818285\490579870" -childID 2 -isForBrowser -prefsHandle 3080 -prefMapHandle 3076 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {be67a8bb-d7dc-4c77-835a-767c7ce81d96} 3196 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="3196.3.1852771027\674661441" -childID 3 -isForBrowser -prefsHandle 3432 -prefMapHandle 3428 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {7e83cf9b-25d9-4278-bc1e-b89d3fb79850} 3196 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="3196.4.750138065\626548390" -childID 4 -isForBrowser -prefsHandle 3432 -prefMapHandle 3368 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {5072c3cd-3d86-42b0-abed-6c18bcf34693} 3196 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="3196.5.1293151307\1992667896" -childID 5 -isForBrowser -prefsHandle 3240 -prefMapHandle 3336 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {f0caf577-f28e-4f2d-9164-a156174592e0} 3196 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="3196.6.892514835\1331878809" -childID 6 -isForBrowser -prefsHandle 4020 -prefMapHandle 4024 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {f666f6eb-690f-4b91-9648-de5e64a55a14} 3196 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="3196.7.1078504838\1058388402" -childID 7 -isForBrowser -prefsHandle 4432 -prefMapHandle 4436 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {355bf9cb-19e0-4e44-bf52-ad48238b3568} 3196 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="3196.8.777465102\337601533" -childID 8 -isForBrowser -prefsHandle 4464 -prefMapHandle 4496 -prefsLen 25411 -prefMapSize 245849 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {325e87c9-ded4-497e-b4aa-9170469c4c09} 3196 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI3962\geckodriver.exe --port 50006 --websocket-port 50007

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile4cqAaV

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile4cqAaV

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2012.0.111215244\2137518880" -parentBuildID 20240416150000 -prefsHandle 1700 -prefMapHandle 1692 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {451597d7-3846-444f-b368-b57e2ed681f6} 2012 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2012.1.1546038204\796790745" -childID 1 -isForBrowser -prefsHandle 2304 -prefMapHandle 2660 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {f118532c-85a6-467b-8e74-05314465b92b} 2012 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2012.2.1146245354\1030949497" -childID 2 -isForBrowser -prefsHandle 3080 -prefMapHandle 3076 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {4a55e0e3-c833-44c4-bd1c-dbc31291e06d} 2012 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2012.3.378775057\950605774" -childID 3 -isForBrowser -prefsHandle 3608 -prefMapHandle 3612 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {aa63c231-c200-4752-9d3f-d64770424cdf} 2012 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2012.4.867018424\207523418" -childID 4 -isForBrowser -prefsHandle 3096 -prefMapHandle 3132 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {52af93f7-7e6f-4f07-a5c6-baacbc4dc541} 2012 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2012.5.99004019\1951686135" -childID 5 -isForBrowser -prefsHandle 3936 -prefMapHandle 3940 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {a92e7fa4-a9d4-4757-b788-6cec9b620bfa} 2012 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2012.6.1473115982\449639809" -childID 6 -isForBrowser -prefsHandle 4108 -prefMapHandle 4112 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {f1d447cb-259a-404a-8897-4e9f47687313} 2012 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2012.7.1905114580\1896836557" -childID 7 -isForBrowser -prefsHandle 4468 -prefMapHandle 4472 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {a647420b-1733-4e93-a066-f451d2393807} 2012 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI3962\geckodriver.exe --port 50006 --websocket-port 50007

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQsMpFe

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQsMpFe

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="1172.0.505473026\664006257" -parentBuildID 20240416150000 -prefsHandle 1708 -prefMapHandle 1700 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {a8cda449-e423-4232-9838-d048d793edab} 1172 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="1172.1.2023640923\54809284" -childID 1 -isForBrowser -prefsHandle 2484 -prefMapHandle 2780 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {ea38334d-5f76-44a8-8253-6d44e70c3655} 1172 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="1172.2.262558928\595096391" -childID 2 -isForBrowser -prefsHandle 3164 -prefMapHandle 3060 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {61ddff15-a7b9-4358-8da6-0cc1831713fd} 1172 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="1172.3.1688265746\1539560933" -childID 3 -isForBrowser -prefsHandle 3040 -prefMapHandle 3128 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {fc0e18ac-b43b-4998-a499-8f67187624d7} 1172 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="1172.4.1212320272\637706220" -childID 4 -isForBrowser -prefsHandle 3356 -prefMapHandle 1552 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {55d33f17-8ee8-457e-900c-7e579e681e68} 1172 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="1172.5.1143830620\1184531601" -childID 5 -isForBrowser -prefsHandle 3948 -prefMapHandle 3952 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {5b2b68a5-7e4f-4c90-9666-473675ef62f5} 1172 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="1172.6.536345821\514053581" -childID 6 -isForBrowser -prefsHandle 4128 -prefMapHandle 4132 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {01c68aa9-e42f-4de3-ad50-06de7eb76f6f} 1172 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="1172.7.2032940814\1748785371" -childID 7 -isForBrowser -prefsHandle 4532 -prefMapHandle 4568 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {2d0b9419-76c8-4b4e-8036-262731032901} 1172 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI3962\geckodriver.exe --port 50006 --websocket-port 50007

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileTQeKuz

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileTQeKuz

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="388.0.736251871\1206746532" -parentBuildID 20240416150000 -prefsHandle 1732 -prefMapHandle 1712 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {f810ba61-76fa-4ab2-84a1-8b5302c4808d} 388 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="388.1.620762958\1222403866" -childID 1 -isForBrowser -prefsHandle 2480 -prefMapHandle 2664 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {811dff9c-3056-4dce-b389-c56ac26e3260} 388 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="388.2.813297375\563129219" -childID 2 -isForBrowser -prefsHandle 3052 -prefMapHandle 3048 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {b2bf908a-f689-48a6-8027-a70d6e3ad760} 388 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="388.3.233399516\460204478" -childID 3 -isForBrowser -prefsHandle 3408 -prefMapHandle 3180 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {9e0d9098-99cb-494f-ac2c-33702856522d} 388 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="388.4.1074607716\506080370" -childID 4 -isForBrowser -prefsHandle 3720 -prefMapHandle 3544 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {268e2eb4-4b23-4722-8f9d-b7cc53277661} 388 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="388.5.805174609\903816605" -childID 5 -isForBrowser -prefsHandle 3936 -prefMapHandle 3932 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {7dd26bd4-a833-43d7-b6c2-47ed718f37a0} 388 tab

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe" -contentproc --channel="388.6.1302548507\740119351" -childID 6 -isForBrowser -prefsHandle 4032 -prefMapHandle 4036 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\browser" - {3f88c67f-770b-42a3-91f7-c8fec2e8284f} 388 tab

Network

Country Destination Domain Proto
RU 185.22.174.119:9001 tcp
US 8.8.8.8:53 119.174.22.185.in-addr.arpa udp
N/A 127.0.0.1:50073 tcp
N/A 127.0.0.1:50075 tcp
N/A 127.0.0.1:50006 tcp
NL 141.148.237.212:8081 tcp
DE 178.63.173.42:9005 tcp
US 8.8.8.8:53 42.173.63.178.in-addr.arpa udp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:50214 tcp
N/A 127.0.0.1:50222 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:50647 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50655 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:50939 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50947 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:51275 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:51283 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:51580 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:51588 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:51966 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:51974 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:52331 tcp
N/A 127.0.0.1:52339 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:52684 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:52692 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI3962\python38.dll

MD5 26ba25d468a778d37f1a24f4514d9814
SHA1 b64fe169690557656ede3ae50d3c5a197fea6013
SHA256 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128
SHA512 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

C:\Users\Admin\AppData\Local\Temp\_MEI3962\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\_MEI3962\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

C:\Users\Admin\AppData\Local\Temp\_MEI3962\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Local\Temp\_MEI3962\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

C:\Users\Admin\AppData\Local\Temp\_MEI3962\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

C:\Users\Admin\AppData\Local\Temp\_MEI3962\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

C:\Users\Admin\AppData\Local\Temp\_MEI3962\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

C:\Users\Admin\AppData\Local\Temp\_MEI3962\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

C:\Users\Admin\AppData\Local\Temp\_MEI3962\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

C:\Users\Admin\AppData\Local\Temp\_MEI3962\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

C:\Users\Admin\AppData\Local\Temp\_MEI3962\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI3962\top-1m.csv

MD5 ba0857be5e9736dde1f5cc44edd5d21b
SHA1 b130759907909cc97bfe0d9a1fd65b8942c931aa
SHA256 7800cdef850c31931b2b520a42f858c4feb5ca86d6b3789e6173a02e909595ca
SHA512 08446902bc588e323b8fc551502ff869be6c2bb64f788d1bebfcc30a04c3e589b0616e84fc55de3d81d7b19b26e690024a442e6a27096808bc613bcecf3f6db4

C:\Users\Admin\AppData\Local\Temp\_MEI3962\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

C:\Users\Admin\AppData\Local\Temp\_MEI3962\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI3962\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI3962\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI3962\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI3962\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

C:\Users\Admin\AppData\Local\Temp\_MEI3962\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

C:\Users\Admin\AppData\Local\Temp\_MEI3962\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI3962\geckodriver.exe

MD5 f60c542253cbe94f762e15c7b064b55d
SHA1 7a32f034217266db6d799893edc976e891a82944
SHA256 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa
SHA512 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 47539d0337e97e22a728afc2638d461f
SHA1 d97b37079543b33b9b605c787945f809aed66fd6
SHA256 262e52c5bbaa9bcd2dfcb4cf7da83a1efa95ebd0299f82031ad31a6ab19405a5
SHA512 3810ebe80173d41785a42459fc5c4a8a31e56294f2c03fe99416925a34d242b88023565057201c9b6dcbdb97c8396d8305a723c0e31bb5b560b031b299672d4a

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\tmpydfp17vh\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus

MD5 80e882ce8268212cf4db9fbe44f95336
SHA1 85abc152168a20d8db2c6501aa43a97ea72efc8c
SHA256 32c7fa19bdf922f35368bbda1fd91b30fae89f7e8615c8224901e4e3454ee937
SHA512 eb6fc2086c0c5b1e2207c675e49713961246559ade42f65f5e1d51e6139e503eacceaa57542664f7161dc320df0403d90bc85e499aa2d0f09c4a3d4236920cd5

C:\Users\Admin\AppData\Local\Temp\_MEI3962\Tor Browser\Browser\firefox.exe

MD5 65aa9b0f57d72e4d70e9226322221adc
SHA1 85fec174d0977afd8c0100c9d9b53c958e1949bf
SHA256 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410
SHA512 f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

memory/4112-491-0x00007FFD6B0D0000-0x00007FFD6B0D1000-memory.dmp

memory/4112-490-0x00007FFD6BF20000-0x00007FFD6BF21000-memory.dmp

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 235bc324dbd5f832914ae12cb288e463
SHA1 bcfc76341e2c4035d2afb732e0ca91b0579e0b03
SHA256 2d6e6e20730af7e0992cdd2b3903c8d4a3b1b6f1745689b5538949f0b02eafa7
SHA512 7e3115a8fcac90e0bb7d0c34716f401756d81723599a44b17e031c89f690b2da0d5ea8cabd21e2e03df506057e5ce75be62fbbe41614527529aa35ce14641bdf

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilesZzabq\prefs.js

MD5 c86254dd4e644dbe515253e944dce467
SHA1 cd92ce4733e94c0e66987255aec0327c8b977a45
SHA256 4c80d0f95fc7ee6d3bada548d25c68a5e2b77261c0922354abbd809a311740ae
SHA512 ad57603b85d6962812a4f16f95fa98327e519f52f8d7df79ee39a576f598564771b709735d083bc9222672a38c412e109c04c8b6070baaf11478ab1f39bc134f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilesZzabq\extensions.json

MD5 0341024c812f8609f7aa5e0c1215a8f1
SHA1 21a771e19a4b5ff35afc0562403014bc365e816a
SHA256 397865e3dfc81074b9dfaa421d8f04b71c9736b694d57e6847c44e690959c62b
SHA512 803e7917cbd4f38458c5d3c7f571f2dae4eb4b8469dfc96615a36c2bd9222260c63cd1b53abe44b93e57cc94798513d527b063079f4b2cf690c26d64573f8025

memory/2532-573-0x00000238B2250000-0x00000238B2260000-memory.dmp

memory/2532-609-0x00000238A5D60000-0x00000238A5ED0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilesZzabq\prefs.js

MD5 31035496338d9838a08808216ac5a80c
SHA1 9a36fb6049138e39e620a62e3c8f10dae24a0102
SHA256 67f7e4dc1ef835d8026d632f7e8e5ec8995e9adf762828e0baee17ebbd1daaa8
SHA512 7daf632087ea7336de80afca20c2feb93267e98028ff5309dd70b9d40784d444999aaa1a7953c8c3cb20aa86a8edcc0e0658c9475419db46a910b844ecf3550c

memory/2532-665-0x00000238B0F60000-0x00000238B0F70000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilesZzabq\prefs-1.js

MD5 bae328573f37b0ba1bc8727a14ab6f0e
SHA1 28a12fb709efdd8cd4d55d61a6bdd048077f4d69
SHA256 14883d5642f659997295b078b0e48b13dad27041680c8dbcdd6c0a6de0d06b31
SHA512 21821ba5084557c9bc00cb260530d2746e425cf339825633ed6dfb1d2e6e0c12612bd640c8110404b8137302a147bbc3d1a4c2323121ac56070c89191ec93649

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuVJgzF\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuVJgzF\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

memory/4760-916-0x00000214B74C0000-0x00000214B74D0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuVJgzF\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuVJgzF\prefs.js

MD5 bcb79579b83822a5b1dbd58c21c24e2a
SHA1 b77db9a25a11aa1c04218f5d9db698c121caf916
SHA256 32bdd8c2ccab31b9e1fa046b68dc2d336a170bb30f0bffc289d9cb50644db485
SHA512 def0e449739ed18a048ddc5b03b7daa279c1944b72468b0181c711aaedd2737533a6add575548aeb7b2f1f148f55d141fff89f0e88e622dd6e611eb03adac11c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuVJgzF\startupCache\webext.sc.lz4

MD5 b2a7e6ffa7c1be3654098d930c02d6d5
SHA1 23e591348a40d42f93af737affa3803fc3a5447e
SHA256 d8de79472fff3ea43ffd492126433869667d9cca5ac5d187d0fe52a849160593
SHA512 bda07170039456f15e00aec50ec1dc9f51d77af60f2ca408c20a44bef210d9b95c4d8a699152086eb5c1b60ed140dd25b75d369ae51a675b296c799936c6204a

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuVJgzF\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuVJgzF\prefs-1.js

MD5 0300e8d240a61b3be7f14b1bce72d7d4
SHA1 acd877c915239a257f51ed89b8fffcbd86195662
SHA256 826f9b47aaaa66f3b60c599bb8dec545f342a6ada5074cd940e66d3a9ef65b5c
SHA512 92afc7183cb26de4cce9066c4a3539b5b2a0a133985737ab9b27daf93349b9dd73b131570de54116f3a157763a36037a8953cc0b368a86d33fb308a665039ba1

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuVJgzF\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuVJgzF\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuVJgzF\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiPJVEP\user.js

MD5 736db8c9b955f72129a6644a9c797093
SHA1 59f1c80c407e27ffe85407a82f7b7250c5ee3753
SHA256 668694ca0485bfb77e7049bad327ba3f83534f31c1d50744f227c996eab4097f
SHA512 9916d339304272357ff56976bfcb9fd2d607ccbaa33dc40b88618c9ae31833923d3f2e8288cfc1f0090da90803b5e07404c41182155db2d2345df6f63020f217

memory/2940-1191-0x000002566BCB0000-0x000002566BCC0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiPJVEP\prefs-1.js

MD5 938d0d82cea8361df76d7bcb01af9b2f
SHA1 623cf7763e63c847196bf0ca4ed22ca6cd473ace
SHA256 11da51d82f60d2acb88f3b64798ca71ed258883a7f5f2bfecc8bbd00f52253f6
SHA512 601fe15971e6d8376a293ccbde7b67325f92132f7e283dad053d8b3c4e64dcf0255c8733522d3245b6fca080c39a0d796cd78b934b46f6f79e809a053271b35d

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiPJVEP\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiPJVEP\prefs.js

MD5 6faf4adf089e92dac831ec8e625cdc91
SHA1 d53e46dd299b73db10404fa73239b952a282473d
SHA256 46db599e2a5bfa4927a621388401962b0c830b17c2a9a5cfa2e537e70b129d26
SHA512 7912c906f3199b35ebc0a75a29e6f1b548ca9f4b44f4f96bc0adb9c7b2bfed527969138f9dd6efc0b142adb290bb47306d89bdc36dc0ec5ba375d8fb9b652dad

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekwEHqE\startupCache\scriptCache-child-new.bin

MD5 f5d1636ce3602881a361d6b4ef15f97c
SHA1 6976e01e8f57aefc8a626d3b8967aa3a056930f9
SHA256 01565f73663b891f84d82db21727226d9d0c622d3a43af33a0aa332ebf56d27c
SHA512 fb0525447422216487f6b2cd6911a831af358f5d8fe97742db91541085e230841bb8a70460ebe29de85fd34020ccf4fd510719fad646338431203f23a14ea0bd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekwEHqE\prefs-1.js

MD5 9e70a4cdf5d7366b59d241d7e256ce8b
SHA1 66e12ca3ebfb94f8fcf05e683f12e10defc3eb37
SHA256 fb66d1f7272518f1fda269a65ce4175376b12b16e90bdc4d72aad208d01fdbae
SHA512 c5bc411a3ad0a326af3d068f323c5caf1350744296951a6a426891644c985830edc7522b118219188a73723acefd534abeda448b11dbe8d379c649f32b791a9a

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHRSRzV\compatibility.ini

MD5 5c530317c61e9af1699f6563aae04ccd
SHA1 fecc46225f9e2a55ccb229ddd11ca34f5db06ea5
SHA256 9f03839c14fb4e9e6ad337b95e7ae079f6e47a76e5a87184da52335db9acb940
SHA512 8665b3ceb77f87e3a1f768a68e42554bc0f6ef61ea9313831f27988dddef01d503e811c2c3a4504c97ac697edf56bf258de28afc9c4d15c1dcb1365a2322fac8

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHRSRzV\WebDriverBiDiServer.json

MD5 0cef5cb2c2455e6fa208a9992e2056f0
SHA1 31e90336ba2bb4817e7dc03d7b17db518b912858
SHA256 8698fc7ce51b1a39dabdf354ba91970fa5bc48a83d0f4fcfdbb31c03d7040820
SHA512 8646e3621f4c679d62020f44c42cecf475474743df5f55da0b64f068e8baebb601dac6a5f09577d4554805118480ce3d39451c24d4ef48129a426ad9d29d316c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHRSRzV\datareporting\glean\db\data.safe.tmp

MD5 63b1bb87284efe954e1c3ae390e7ee44
SHA1 75b297779e1e2a8009276dd8df4507eb57e4e179
SHA256 b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a
SHA512 f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHRSRzV\datareporting\glean\db\data.safe.tmp

MD5 7fba44cb533472c1e260d1f28892d86b
SHA1 727dce051fc511e000053952d568f77b538107bb
SHA256 14fb5cda1708000576f35c39c15f80a0c653afaf42ed137a3d31678f94b6e8bf
SHA512 1330b0f39614a3af2a6f5e1ea558b3f5451a7af20b6f7a704784b139a0ec17a20c8d7b903424cb8020a003319a3d75794e9fe8bc0aeb39e81721b9b2fdb9e031

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHRSRzV\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 c186d2bec1b2ac77c0308f30e806f02a
SHA1 b1247a53a1d728daae7067dcd34311bdd449ff83
SHA256 7668960f5427655b36febbff794fdf931dfae75bf6eca2af492b9923192a9e56
SHA512 8328bea992330a9d97f2d24abede5c02b04147c1519dd7ea35a3b92fec4ecceef4116568003b3464b666f5e425eddf507e96557290b54723aa92deb68ba790f7

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHRSRzV\prefs-1.js

MD5 789c0cb814025a40fa32aeaf941d3859
SHA1 3e3fb48ef0f2f941288de70d3b3722728098a60e
SHA256 a76d970fc3657b15211ffb44f2cd927a0fc64d914598af8e51659a36016722d9
SHA512 441915b1668a3d800ad5182bd55792fb5e04cc81ab574f9456e99761a835100af25fbd2af814071832df7bbd04fcf4c4f21638755b2bab02d6697443e2cda846

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHRSRzV\prefs.js

MD5 083e930aa6b75c264c911c04583116c0
SHA1 b74fd6ddbdc873a8a3dbef5d09fbf627d7538351
SHA256 7cc2a04a589dd6bb296f46178b2d7d9a70dc1268db2cf9e5ea1b11fcb81ddd9b
SHA512 c2dc2f99bd9560198c6d62f0b2ab26ddb018652502671b1bef9eff509267bf135015a4cfaed21787910a52aa057ed94cd6d7c82aca34a8ecc851a4c3a397a6cb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHRSRzV\prefs.js

MD5 aa2742b961083b49e37118f64288aa41
SHA1 a927c1211c30d4d99f0addffb4d6c018df290ef9
SHA256 785a1bbb6b6bfb7d41e533079daf0ebc6011b6f292234b7e74dbaae5cabe2af3
SHA512 b809483341c7c37b94436056542230b5aadc7395695099b6bd1b2d52cd0b71d9687cbf152b90487ca735efc7824a37d81c9d0b763d584282f0aeffc5a21b5682

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHRSRzV\storage-sync-v2.sqlite

MD5 bff4d6361e4126d963ab7dffdc7550ce
SHA1 e2660c2f00b0aef4a81972c6a6093935d5aa40d5
SHA256 ad0828e5ff9d4188151772cd9af85827a431d122901486590c5734b62b4af2d2
SHA512 8d967c085d343d50a76cf14e88ed2fb742a7195034ddbaacd57d2c47abf0218a5f6878528a8f37c8f3b61496f61b5e254d205003af87a3cf156ba12ea59f65bc

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHRSRzV\content-prefs.sqlite

MD5 b15425d1f21f5708184e35493e63c8a1
SHA1 e944c1fdf56a3f6a5150b77980e89d48c7b57be2
SHA256 7a9012d1846763fe9dcb059035972a023ec29f2b9c03f865f0a6f6df6ef2a6c0
SHA512 6b54e30e0a060261bdac98ef818d1053fbabf0d6b8a17efc729942729ed6e6dddb29063b079ddb1dcd1b4edfc85a0311cf821b4b3291372c834a00733456423f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile4cqAaV\datareporting\glean\db\data.safe.tmp

MD5 1c3c58f7838dde7f753614d170f110fc
SHA1 c17e5a486cecaddd6ced7217d298306850a87f48
SHA256 81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d
SHA512 9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile4cqAaV\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile4cqAaV\prefs.js

MD5 76cfdc8bbf727541688a9479aae18d21
SHA1 7fd73779e33bfd5b86c71bbef846e042ae96e2fa
SHA256 86c77497af9c92c899fce54b056f49f38d4088b76fc5537f8610ca68d8ac1b6c
SHA512 06afeafc52634f792a143fb7aec55f65c9262aeb3a32810bbf2ee36c6cc8cec820064f9f839878b4caffa5437e1f23f302ff4ce4cb75997209b98238bab92345

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile4cqAaV\prefs-1.js

MD5 0a0fd03da2b5068ef6aef11fbb265c79
SHA1 0338ff0ea65d520c0f777669911405a54232dec2
SHA256 c5669ff0d89a2d5517f64df4d3bb48c42d77439aa04934a7fe48c672f833500b
SHA512 5aee22a71ad45945ad601edbbd058e18e3c7bde1d14ba4a5883f0fa3a081984bc970f1b120e0f9796a778e4f173e7d8273dcb784a652c79244a6431503940ebb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQsMpFe\datareporting\glean\db\data.safe.tmp

MD5 7d3d11283370585b060d50a12715851a
SHA1 3a05d9b7daa2d377d95e7a5f3e8e7a8f705938e3
SHA256 86bff840e1bec67b7c91f97f4d37e3a638c5fdc7b56aae210b01745f292347b9
SHA512 a185a956e7105ad5a903d5d0e780df9421cf7b84ef1f83f7e9f3ab81bf683b440f23e55df4bbd52d60e89af467b5fc949bf1faa7810c523b98c7c2361fde010e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQsMpFe\prefs.js

MD5 cd35d450caececc6a4e90b219e6d1efd
SHA1 6facf90f0c53d765d53745c10822d4fe961b11d7
SHA256 65cf1f30eaaf5718fc909c2dda1c565bf1e970ef2705dbc78094c9cbf3137d2e
SHA512 1f54c72c7d9aac79b21d19e347618afd66bbfbe1e3a589cb324f658742798a7c9ded8c2db22baad8389cfd817d0fd6ea7dfd8463f02e2655be1a6fc95a512b5a

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQsMpFe\prefs-1.js

MD5 c39f6ee7f1844bf46d6bd5c8f1975c72
SHA1 db6e797f26ceb93dac564e66d578f7965c72ec48
SHA256 fa9a5cb591f9b32f0e4c1f4206d5f558c2aebfea6f10a4738e4147aaac1256cf
SHA512 bf4f9b9c179d909e3ad0c225d8d980d4a065b280838010e36c674dc54ec4485363db0aaa560dc1ba5a96b4ac5e1b8f48cec83f25204fd1a1a41e4052a068b744

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileTQeKuz\prefs.js

MD5 e83b17daf00912551d1077b7f8a3b308
SHA1 6ef80d866bfb4d157a135dee3cc2a831b6ce2749
SHA256 2a966cdfe1eb8dcd9c7018e4b5b740a0cd271ac87ac8a5ead7a7d4049a452718
SHA512 eb27c184ae18c29e21627241973c9cf792e72a4b1ccc6370d931912b26819d98cb61494ab592bf621fd645fe51ca65b6d972a64eaf26771903cc57b17bdebaab

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-09 01:55

Reported

2024-05-09 02:07

Platform

win10v2004-20240426-en

Max time kernel

300s

Max time network

309s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2744 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 2744 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 2836 wrote to memory of 5444 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 2836 wrote to memory of 5444 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 2836 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 2836 wrote to memory of 2012 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 5444 wrote to memory of 3196 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 5444 wrote to memory of 3196 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 2836 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\geckodriver.exe
PID 2836 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\geckodriver.exe
PID 1968 wrote to memory of 5184 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe
PID 1968 wrote to memory of 5184 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe
PID 5184 wrote to memory of 3688 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe
PID 5184 wrote to memory of 3688 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe
PID 5184 wrote to memory of 3688 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe
PID 5184 wrote to memory of 3688 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe
PID 5184 wrote to memory of 3688 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe
PID 5184 wrote to memory of 3688 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe
PID 5184 wrote to memory of 3688 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe
PID 5184 wrote to memory of 3688 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe
PID 5184 wrote to memory of 3688 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe
PID 5184 wrote to memory of 3688 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe
PID 5184 wrote to memory of 3688 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe
PID 3688 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe
PID 3688 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe
PID 3688 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe
PID 3688 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe
PID 3688 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe
PID 3688 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe
PID 3688 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe
PID 3688 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe
PID 3688 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe
PID 3688 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe
PID 3688 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe
PID 3688 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe
PID 3688 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe
PID 3688 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe
PID 3688 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe
PID 3688 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe
PID 3688 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe
PID 3688 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe
PID 3688 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe
PID 3688 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe
PID 3688 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe
PID 3688 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe
PID 3688 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe
PID 3688 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe
PID 3688 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe
PID 3688 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe
PID 3688 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe
PID 3688 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe
PID 3688 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe
PID 3688 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe
PID 3688 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe
PID 3688 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe
PID 3688 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe
PID 3688 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe
PID 3688 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe
PID 3688 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe
PID 3688 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe
PID 3688 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe
PID 3688 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe
PID 3688 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe
PID 3688 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI27442\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI27442\geckodriver.exe --port 64182 --websocket-port 64183

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 64183 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileojfhFg

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 64183 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileojfhFg

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="3688.0.1161922978\458088799" -parentBuildID 20240416150000 -prefsHandle 1696 -prefMapHandle 1688 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {2b77ed1d-8b32-40cb-9491-0a221f87cef6} 3688 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="3688.1.474096133\1764229965" -childID 1 -isForBrowser -prefsHandle 2868 -prefMapHandle 2696 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {b5e0a874-de63-4d9b-8501-678ef0845d39} 3688 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="3688.2.2096248785\158200846" -childID 2 -isForBrowser -prefsHandle 3172 -prefMapHandle 3168 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {d172aa59-467b-4d71-8111-ab8594cd2f42} 3688 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="3688.3.291428809\1965726658" -childID 3 -isForBrowser -prefsHandle 3744 -prefMapHandle 3680 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {a69bb560-4b8d-47f8-882d-2bf4332b09d3} 3688 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="3688.4.605759363\1427446696" -childID 4 -isForBrowser -prefsHandle 3852 -prefMapHandle 3848 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {5acb1824-313a-438e-a396-a404f3fd8339} 3688 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="3688.5.396599306\721619725" -childID 5 -isForBrowser -prefsHandle 4052 -prefMapHandle 4056 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {63ff3846-74f4-4d37-bcdf-5ed35f4645ec} 3688 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="3688.6.788798427\966272956" -childID 6 -isForBrowser -prefsHandle 4124 -prefMapHandle 4128 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {f63791a4-9c39-4602-8089-8dba0b5ac750} 3688 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="3688.7.1781926022\1345696122" -childID 7 -isForBrowser -prefsHandle 4488 -prefMapHandle 4612 -prefsLen 25367 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {dc0bb604-8e79-420a-85c8-7b9d64def4bb} 3688 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="3688.8.819179957\1024184717" -childID 8 -isForBrowser -prefsHandle 4764 -prefMapHandle 3728 -prefsLen 25491 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {855a9280-fea1-41d7-800b-248d56cc31e3} 3688 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27442\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI27442\geckodriver.exe --port 64182 --websocket-port 64183

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 64183 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile67w4qN

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 64183 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile67w4qN

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="2680.0.815853299\2050471695" -parentBuildID 20240416150000 -prefsHandle 1668 -prefMapHandle 1660 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {aa6b3d9c-d677-4d67-80ae-c584a23d58c7} 2680 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="2680.1.1677943224\4971072" -childID 1 -isForBrowser -prefsHandle 2328 -prefMapHandle 2468 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1220 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {45066e6f-d0f3-4f74-8a50-d31fdf9ecb51} 2680 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="2680.2.1579585162\2087004720" -childID 2 -isForBrowser -prefsHandle 3184 -prefMapHandle 3180 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1220 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {6b8a8ba5-f52d-4fde-8ee8-320dc6d089c0} 2680 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="2680.3.625031424\1391322908" -childID 3 -isForBrowser -prefsHandle 3264 -prefMapHandle 3268 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1220 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {a613c8b0-ffb6-4428-8c1c-ea5633b3997a} 2680 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="2680.4.1973831206\269492184" -childID 4 -isForBrowser -prefsHandle 3848 -prefMapHandle 1444 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1220 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {1bcac0d5-a4c1-4a58-b7e2-036698e0ce0a} 2680 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="2680.5.2082505139\379518717" -childID 5 -isForBrowser -prefsHandle 4012 -prefMapHandle 4016 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1220 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {b0bd4118-85e9-436a-a1d7-268172e63d83} 2680 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="2680.6.444121120\1990192006" -childID 6 -isForBrowser -prefsHandle 4064 -prefMapHandle 4068 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1220 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {691f9a49-c8dc-4832-941a-e6d3943b0a5b} 2680 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="2680.7.516934036\885954112" -childID 7 -isForBrowser -prefsHandle 4516 -prefMapHandle 3392 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1220 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {6ae5b24c-0e27-49ea-b86b-ce71f27736f7} 2680 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27442\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI27442\geckodriver.exe --port 64182 --websocket-port 64183

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 64183 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileUOl0dC

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 64183 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileUOl0dC

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="3956.0.704052743\2057972274" -parentBuildID 20240416150000 -prefsHandle 1660 -prefMapHandle 1652 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {b84da1a7-0218-421e-877d-e567807aec8c} 3956 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="3956.1.270554499\1662731407" -childID 1 -isForBrowser -prefsHandle 2352 -prefMapHandle 2320 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {557fb627-00c1-431f-9008-f185413cb329} 3956 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="3956.2.1914346378\1636133741" -childID 2 -isForBrowser -prefsHandle 3184 -prefMapHandle 3180 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {4e49a955-bf2d-45aa-af48-bc32f456773b} 3956 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="3956.3.1598930282\940796550" -childID 3 -isForBrowser -prefsHandle 2268 -prefMapHandle 3188 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {8ca56d3e-8d6d-4493-99c4-553f1d5d2690} 3956 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="3956.4.820740236\640038252" -childID 4 -isForBrowser -prefsHandle 3300 -prefMapHandle 3304 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {6e71c1f1-a408-41f3-9af3-2036ffd1883e} 3956 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="3956.5.1535265056\647386109" -childID 5 -isForBrowser -prefsHandle 4072 -prefMapHandle 4068 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {f051a8ab-f8fd-43d1-8375-5e221ec1ce7b} 3956 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="3956.6.264269120\111539145" -childID 6 -isForBrowser -prefsHandle 4180 -prefMapHandle 4184 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {71b6b8d9-3a98-45b0-ba0c-d7a2027a0088} 3956 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="3956.7.1127774483\71846253" -childID 7 -isForBrowser -prefsHandle 4672 -prefMapHandle 4668 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {8e325178-cb13-4334-ba78-9587aa6edca3} 3956 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="3956.8.730049888\141936388" -parentBuildID 20240416150000 -prefsHandle 4372 -prefMapHandle 4768 -prefsLen 27362 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {86e88d02-a7cc-44a5-96dc-6183a562e843} 3956 rdd

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="3956.9.582974169\1827530371" -parentBuildID 20240416150000 -sandboxingKind 1 -prefsHandle 4960 -prefMapHandle 4956 -prefsLen 27362 -prefMapSize 245849 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {d0bc9d70-3ff0-4539-9719-d7c5a1fd3053} 3956 utility

C:\Users\Admin\AppData\Local\Temp\_MEI27442\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI27442\geckodriver.exe --port 64182 --websocket-port 64183

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 64183 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileW7nxkN

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 64183 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileW7nxkN

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="4716.0.627485461\517498259" -parentBuildID 20240416150000 -prefsHandle 1676 -prefMapHandle 1668 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {eed1ece2-2a0e-44ab-9d1b-1b87f010f87d} 4716 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="4716.1.346452984\777655454" -childID 1 -isForBrowser -prefsHandle 2652 -prefMapHandle 2648 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1236 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {5e1c3caf-17af-4210-bd06-43224b44868e} 4716 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="4716.2.862534057\620403206" -childID 2 -isForBrowser -prefsHandle 3196 -prefMapHandle 3192 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1236 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {cf075fea-ec9d-46ec-93e1-50266da20d2d} 4716 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="4716.3.45702728\354462812" -childID 3 -isForBrowser -prefsHandle 3272 -prefMapHandle 3260 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1236 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {fb00e2f6-bdcc-4584-8878-e1e72d1b4a43} 4716 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="4716.4.419197776\1312108319" -childID 4 -isForBrowser -prefsHandle 3924 -prefMapHandle 4056 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1236 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {2597e10a-b6bd-411d-bb39-fd7e758ddb88} 4716 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="4716.5.1747761186\716294812" -childID 5 -isForBrowser -prefsHandle 4172 -prefMapHandle 4180 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1236 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {fd5db653-7607-4be9-8249-91a681c7c758} 4716 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="4716.6.1324001673\949420912" -childID 6 -isForBrowser -prefsHandle 4316 -prefMapHandle 4312 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1236 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {57d014c7-5475-4338-bbf9-10573d57bd62} 4716 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="4716.7.752682673\195241248" -childID 7 -isForBrowser -prefsHandle 4804 -prefMapHandle 4808 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1236 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {8ef78abd-8cd4-47f5-9174-0865d90454b4} 4716 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="4716.8.1127472073\1666395915" -childID 8 -isForBrowser -prefsHandle 8996 -prefMapHandle 9000 -prefsLen 25367 -prefMapSize 245849 -jsInitHandle 1236 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {223cf45f-995b-4e05-94d1-42d314346c3d} 4716 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27442\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI27442\geckodriver.exe --port 64182 --websocket-port 64183

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 64183 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1QGFZ0

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 64183 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1QGFZ0

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="4152.0.1379517794\1054279076" -parentBuildID 20240416150000 -prefsHandle 1676 -prefMapHandle 1668 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {4ee37065-8221-40f0-8b3a-2ac672a05156} 4152 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="4152.1.24313643\387669594" -childID 1 -isForBrowser -prefsHandle 2580 -prefMapHandle 2596 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {0fa6e69e-aff7-425c-883e-82a5e6c951b3} 4152 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="4152.2.1148386152\1866970491" -childID 2 -isForBrowser -prefsHandle 3196 -prefMapHandle 3192 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {1cebc39c-68c9-4030-8647-ee1329b7d91b} 4152 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="4152.3.992221347\1865703848" -childID 3 -isForBrowser -prefsHandle 3204 -prefMapHandle 2268 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {24f206c7-bf6c-443a-9db9-60eba752e1ca} 4152 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="4152.4.420097510\1830282208" -childID 4 -isForBrowser -prefsHandle 3688 -prefMapHandle 3684 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {c7fee869-8da2-4789-aaf5-d52b0a1077dd} 4152 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="4152.5.292815694\60703883" -childID 5 -isForBrowser -prefsHandle 3868 -prefMapHandle 3872 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {dea0d69a-cb98-497b-955b-147215c87d36} 4152 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="4152.6.2034699258\993907623" -childID 6 -isForBrowser -prefsHandle 4048 -prefMapHandle 3924 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {be13311c-e273-447b-b7a0-c6538ca04c54} 4152 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="4152.7.1962855198\619081303" -childID 7 -isForBrowser -prefsHandle 4596 -prefMapHandle 4620 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {406dc34d-8028-432e-8ba2-8eca76e84e15} 4152 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27442\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI27442\geckodriver.exe --port 64182 --websocket-port 64183

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 64183 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiNdekp

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 64183 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiNdekp

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="5384.0.1545748850\1922339355" -parentBuildID 20240416150000 -prefsHandle 1668 -prefMapHandle 1660 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {39706cf6-5146-49d5-862e-d244edb9e1ef} 5384 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="5384.1.1163968813\1359578269" -childID 1 -isForBrowser -prefsHandle 2460 -prefMapHandle 2636 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {ea7affe7-45ad-474c-9879-53ba8d382882} 5384 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="5384.2.976765167\822908647" -childID 2 -isForBrowser -prefsHandle 3180 -prefMapHandle 3176 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {1b5e357e-0f70-48d1-8087-2c842727e4e7} 5384 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="5384.3.1014945851\415235126" -childID 3 -isForBrowser -prefsHandle 3536 -prefMapHandle 3520 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {16683825-22b5-44e8-a6a8-e9a037eab843} 5384 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="5384.4.1922361472\1519046473" -childID 4 -isForBrowser -prefsHandle 3876 -prefMapHandle 3580 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {bf750d12-5f6d-4d1e-90f4-14dcaea49137} 5384 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="5384.5.1482250166\624834474" -childID 5 -isForBrowser -prefsHandle 3264 -prefMapHandle 3268 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {ea8a84b7-267b-4951-9078-2a6ade8a9b65} 5384 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="5384.6.1661087168\134113129" -childID 6 -isForBrowser -prefsHandle 3212 -prefMapHandle 3080 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {0e698c2c-d334-4461-8fe9-7f6474b598bb} 5384 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="5384.7.682628603\1943999945" -childID 7 -isForBrowser -prefsHandle 4644 -prefMapHandle 4640 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {22991098-a0fc-422b-9aa6-863efb729949} 5384 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27442\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI27442\geckodriver.exe --port 64182 --websocket-port 64183

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 64183 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileaiUPc3

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 64183 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileaiUPc3

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="5056.0.2142295342\526413682" -parentBuildID 20240416150000 -prefsHandle 1692 -prefMapHandle 1684 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {70635955-0c61-493f-a811-0723e95de3a0} 5056 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="5056.1.856128409\901707554" -childID 1 -isForBrowser -prefsHandle 2508 -prefMapHandle 2516 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1288 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {f25cd223-6888-48f6-a28d-750ad14968c5} 5056 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="5056.2.1548398869\1298340566" -childID 2 -isForBrowser -prefsHandle 3172 -prefMapHandle 3168 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1288 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {63846e44-9d1d-4856-a9f9-46fe40646230} 5056 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="5056.3.1783647602\1141808827" -childID 3 -isForBrowser -prefsHandle 3240 -prefMapHandle 3224 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1288 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {d34d36bb-4ff3-4698-811c-cf78b86a8aba} 5056 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="5056.4.1156034656\2142125529" -childID 4 -isForBrowser -prefsHandle 3844 -prefMapHandle 3840 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1288 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {04b976b7-1e09-45b3-873d-b1e71433726a} 5056 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="5056.5.473840477\279474197" -childID 5 -isForBrowser -prefsHandle 4064 -prefMapHandle 4060 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1288 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {f209e8f3-7127-4ca3-afcc-d1efbbcff864} 5056 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="5056.6.1598803408\737731265" -childID 6 -isForBrowser -prefsHandle 4224 -prefMapHandle 4228 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1288 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {35504a5e-dd99-4209-8fa2-74a92ecfb334} 5056 tab

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe" -contentproc --channel="5056.7.1567050755\993187422" -childID 7 -isForBrowser -prefsHandle 4676 -prefMapHandle 4672 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1288 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\browser" - {d451e9b8-26b7-4a0f-82f2-b09d6b075e6e} 5056 tab

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
BE 2.17.196.177:443 www.bing.com tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 177.196.17.2.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
BE 2.17.196.177:443 www.bing.com tcp
N/A 127.0.0.1:64285 tcp
N/A 127.0.0.1:64287 tcp
FR 178.33.36.64:9090 tcp
US 8.8.8.8:53 64.36.33.178.in-addr.arpa udp
N/A 127.0.0.1:64182 tcp
DE 88.99.248.158:9001 tcp
DE 144.76.3.182:9090 tcp
US 8.8.8.8:53 158.248.99.88.in-addr.arpa udp
US 8.8.8.8:53 182.3.76.144.in-addr.arpa udp
N/A 127.0.0.1:64182 tcp
N/A 127.0.0.1:64390 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:64398 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
N/A 127.0.0.1:9151 tcp
US 8.8.8.8:53 udp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
N/A 127.0.0.1:9151 tcp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
N/A 127.0.0.1:9050 tcp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
N/A 127.0.0.1:64182 tcp
N/A 127.0.0.1:64182 tcp
N/A 127.0.0.1:64182 tcp
N/A 127.0.0.1:64772 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:64780 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
N/A 127.0.0.1:64182 tcp
N/A 127.0.0.1:64182 tcp
N/A 127.0.0.1:64182 tcp
N/A 127.0.0.1:65097 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:65105 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:64182 tcp
N/A 127.0.0.1:64182 tcp
N/A 127.0.0.1:64182 tcp
N/A 127.0.0.1:65458 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:65466 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:64182 tcp
N/A 127.0.0.1:64182 tcp
N/A 127.0.0.1:64182 tcp
N/A 127.0.0.1:49443 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:49451 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:64182 tcp
N/A 127.0.0.1:64182 tcp
N/A 127.0.0.1:64182 tcp
N/A 127.0.0.1:49761 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:49769 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:64182 tcp
N/A 127.0.0.1:64182 tcp
N/A 127.0.0.1:64182 tcp
N/A 127.0.0.1:50142 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50150 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI27442\python38.dll

MD5 26ba25d468a778d37f1a24f4514d9814
SHA1 b64fe169690557656ede3ae50d3c5a197fea6013
SHA256 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128
SHA512 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

C:\Users\Admin\AppData\Local\Temp\_MEI27442\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\_MEI27442\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

C:\Users\Admin\AppData\Local\Temp\_MEI27442\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

C:\Users\Admin\AppData\Local\Temp\_MEI27442\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Local\Temp\_MEI27442\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

C:\Users\Admin\AppData\Local\Temp\_MEI27442\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

C:\Users\Admin\AppData\Local\Temp\_MEI27442\geckodriver.exe

MD5 f60c542253cbe94f762e15c7b064b55d
SHA1 7a32f034217266db6d799893edc976e891a82944
SHA256 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa
SHA512 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca

C:\Users\Admin\AppData\Local\Temp\_MEI27442\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

C:\Users\Admin\AppData\Local\Temp\_MEI27442\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI27442\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI27442\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

C:\Users\Admin\AppData\Local\Temp\_MEI27442\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI27442\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI27442\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI27442\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

C:\Users\Admin\AppData\Local\Temp\_MEI27442\top-1m.csv

MD5 ba0857be5e9736dde1f5cc44edd5d21b
SHA1 b130759907909cc97bfe0d9a1fd65b8942c931aa
SHA256 7800cdef850c31931b2b520a42f858c4feb5ca86d6b3789e6173a02e909595ca
SHA512 08446902bc588e323b8fc551502ff869be6c2bb64f788d1bebfcc30a04c3e589b0616e84fc55de3d81d7b19b26e690024a442e6a27096808bc613bcecf3f6db4

C:\Users\Admin\AppData\Local\Temp\_MEI27442\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

C:\Users\Admin\AppData\Local\Temp\_MEI27442\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

C:\Users\Admin\AppData\Local\Temp\_MEI27442\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

C:\Users\Admin\AppData\Local\Temp\_MEI27442\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

C:\Users\Admin\AppData\Local\Temp\_MEI27442\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 47539d0337e97e22a728afc2638d461f
SHA1 d97b37079543b33b9b605c787945f809aed66fd6
SHA256 262e52c5bbaa9bcd2dfcb4cf7da83a1efa95ebd0299f82031ad31a6ab19405a5
SHA512 3810ebe80173d41785a42459fc5c4a8a31e56294f2c03fe99416925a34d242b88023565057201c9b6dcbdb97c8396d8305a723c0e31bb5b560b031b299672d4a

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\tmp0noxpysf\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 80e882ce8268212cf4db9fbe44f95336
SHA1 85abc152168a20d8db2c6501aa43a97ea72efc8c
SHA256 32c7fa19bdf922f35368bbda1fd91b30fae89f7e8615c8224901e4e3454ee937
SHA512 eb6fc2086c0c5b1e2207c675e49713961246559ade42f65f5e1d51e6139e503eacceaa57542664f7161dc320df0403d90bc85e499aa2d0f09c4a3d4236920cd5

C:\Users\Admin\AppData\Local\Temp\_MEI27442\Tor Browser\Browser\firefox.exe

MD5 65aa9b0f57d72e4d70e9226322221adc
SHA1 85fec174d0977afd8c0100c9d9b53c958e1949bf
SHA256 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410
SHA512 f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

memory/5652-491-0x00007FFAC2F20000-0x00007FFAC2F21000-memory.dmp

memory/5652-490-0x00007FFAC2600000-0x00007FFAC2601000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileojfhFg\extensions.json

MD5 5c844e7b2474c286e05c4dbe58f5a91e
SHA1 3f1cc1f8a195ed48f1a44dd11edecda97ea633cb
SHA256 b19f73159607bba6e39e19c3017b30f804026c62a637182c42e04d5a0bc45c2d
SHA512 867c7f4454d3d4c2bdcd0851a3159c6de4d168b7c7e5826e643c8ddf6b309baa25da490ff4e2e95d07581f30707847749bad2963a21950d625d4bcdc91b0c6d9

memory/3688-557-0x0000022D302A0000-0x0000022D302B0000-memory.dmp

memory/3688-591-0x0000022D24D10000-0x0000022D24E80000-memory.dmp

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 f11094894551ced57b6ef47cedec390f
SHA1 7f651c7afecabdce41210e95e234755e5fea75c6
SHA256 ce1cd131a81b0d79e7c99ea5b81e823954c0dbff6c89b6311d2a1a948f904431
SHA512 2c7c1938935356213d25a18a3f93f51417ef1fed44f67c4543602e42bdf7f99013620ef60fcaa73e4c1b071b67c2d03419cc7748587ad34f3346eb25c7432cc0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileojfhFg\prefs-1.js

MD5 279c439a6edb356ac7720288bdf306b8
SHA1 849154f958b5768b3441652ac571064c043eebc0
SHA256 0d50fd88794c8ae734d6d357907139019975b8da0ad6b3fecf0f0c64baee8dd8
SHA512 b9ab95f9fa76468bbd790cf1186687a1e9bf7a6621dae6ba9bdc89e869ca588d3c1e2ff647e9465b725b63a841f091b8895d2e29813c3073206a39204c0a5b6a

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileojfhFg\prefs-1.js

MD5 d73f6334c595a315ced53db459b0ea0d
SHA1 7c45b0fde1c1944dff2e8f56ac27ad15a45e9389
SHA256 b90a17c7916f0dd85dde04d97d737d79f19cad988004bf663852deb043a3c2fb
SHA512 cf3bb2755e36e7abd866c5ac432c1c504c036a257d5915e80038f5502359c16fdd39eab558f27df8efe7561b4052472a598ecea20c39fc5c463bd81873d29c90

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile67w4qN\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile67w4qN\prefs-1.js

MD5 b95e9440b134feb137aa5ab06988b2c4
SHA1 c85a72ae26e98749b34dc3a768869f65dedd66f6
SHA256 d5933963679f1edca0b480303ec99189ec36c9e0a49ba600c0a03904537f54b2
SHA512 8098ae1a9c838cc009762eab584fdda8a0c59ec7f90eea02cd60699392fd9ffcba66625d68c5091e255b10bf186974e67fd78e628e10ca8492458bb462af7775

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile67w4qN\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile67w4qN\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile67w4qN\prefs.js

MD5 63dcf132215c772bf4327f4ff3cd12a0
SHA1 1ac3078795f7d9a38e282b532de3f053fe9ad989
SHA256 4fe9471cf21d002b4dc0b786b16f003df06213b850770f4758d64ccdd2de3272
SHA512 d9e82422b6ba34eae8773c2c1a4adef1b4305e08a3fdd65cb993813394a713f7d195887dd8ca3acda5f31a312ed917ef65f0d0740c11f19e0e1b4254041e1d45

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile67w4qN\startupCache\webext.sc.lz4

MD5 e1b04492125e4e5d30f96d735e522e1c
SHA1 c804d162ccfce195f4b4a396d3a6bc142310924d
SHA256 3de6191509d542b147e94cc16a764f6fc180652c17e57cf2e51ceca74af4f4f5
SHA512 f3bf19c44b9006071bef0e46d5505c3f0cc4d91a5b909bc01af0361b315e9ed4be9fc22bb2ad0df952a00af687662957c0b30338b4b9285f94761601e3c5b9f0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile67w4qN\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile67w4qN\prefs-1.js

MD5 d8e97e706b9d952d39a903c857004851
SHA1 4e30646d36528948e1365edac9677f8d7641d571
SHA256 0f57d06a60411647605e1b5380a9987e48831924963545281c4fd3e43a91763f
SHA512 1ed770aa9f8e587ffaa2add134c27c228172de85cd734e667be1f96161f642708bfceae49541dc42e2bad8fbbfb16288abf36c160ad785b37809dec391493291

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile67w4qN\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile67w4qN\sessionCheckpoints.json.tmp

MD5 29ce37dc02c78bbe2e5284d350fae004
SHA1 bab97d5908ea6592aef6b46cee1ded6f34693fa2
SHA256 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693
SHA512 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile67w4qN\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile67w4qN\xulstore.json.tmp

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileUOl0dC\user.js

MD5 736db8c9b955f72129a6644a9c797093
SHA1 59f1c80c407e27ffe85407a82f7b7250c5ee3753
SHA256 668694ca0485bfb77e7049bad327ba3f83534f31c1d50744f227c996eab4097f
SHA512 9916d339304272357ff56976bfcb9fd2d607ccbaa33dc40b88618c9ae31833923d3f2e8288cfc1f0090da90803b5e07404c41182155db2d2345df6f63020f217

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileUOl0dC\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

memory/3956-1245-0x0000013898830000-0x0000013898840000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileUOl0dC\prefs-1.js

MD5 8d00d28d6b21a6d73d53835d76a4d351
SHA1 697d092d429be684fb0885b06b2006dee5acdb33
SHA256 395fc8fb962774a2cef0db14f6605665deea8b34f269473f6738cb18a58aaaa4
SHA512 35fc493069497fce6a0d46d64c3cc5f4f4eeeb5ffc38a330814b30cb0846c4309cef70bbc8e156ac9c503bca2459e59873b0c85090817b2c66cf0f7a727f4c62

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileUOl0dC\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileW7nxkN\datareporting\glean\db\data.safe.tmp

MD5 63b1bb87284efe954e1c3ae390e7ee44
SHA1 75b297779e1e2a8009276dd8df4507eb57e4e179
SHA256 b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a
SHA512 f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileW7nxkN\datareporting\glean\db\data.safe.tmp

MD5 7fba44cb533472c1e260d1f28892d86b
SHA1 727dce051fc511e000053952d568f77b538107bb
SHA256 14fb5cda1708000576f35c39c15f80a0c653afaf42ed137a3d31678f94b6e8bf
SHA512 1330b0f39614a3af2a6f5e1ea558b3f5451a7af20b6f7a704784b139a0ec17a20c8d7b903424cb8020a003319a3d75794e9fe8bc0aeb39e81721b9b2fdb9e031

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileW7nxkN\prefs-1.js

MD5 a8ce1f9f51214ece60ffa0160e024847
SHA1 54f1c2813da95ef8bbfeb1afdb0d4689757a63ba
SHA256 f72e9e80c00eb5e43a21c14e5c5f4a465e75d2f22b4d2090f3c30edcfb55097f
SHA512 f2d9e25d5dda0bc85b9cc206b2cb339a81a44288449ef215f8fde5ec7c70103947374355ab43576924c2aadfe42c63c24f22a1f80c490229afe6ccb970a729d6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileW7nxkN\prefs-1.js

MD5 edbdda96940d79cedddf6523f62cac4c
SHA1 7c7721b17cd2fc8603752a50425795b1b24202c7
SHA256 864cc2a02fce90ee91155360e8c51ac1bbaec18db1e43d70beb39e7208834e72
SHA512 2da7e610b1479ee6737014da3851f3ecfa7f21a502c5bcc3af5c6ae78d803c2367fbe708f7c131cbc55c3ed3cd1bac5e9147f3a08cee955f12c83b92ff98b662

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1QGFZ0\compatibility.ini

MD5 68a75b9fa03515733528599f34e02b02
SHA1 83e77fd96c95d3e85a14ab7ae5db80cb28eb16bf
SHA256 cd0f99d1e8103f4ee8c1bb00fe0d794cd3a4f220347ae356458c46cda81adc1f
SHA512 6b82a5c0d5ab06528acd1c9f369d4d1aaaf72d7bd840e5d86dbd74a72f241b710a513b521ea0edd1e25f39e3f39cd76310dcf1cd56d82ca6005771cd938735d4

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1QGFZ0\WebDriverBiDiServer.json

MD5 d59b815dfdb2a457ac53c083abbb9fc8
SHA1 1170536d332d03cc8f6513eaac79bd0c99e22568
SHA256 d86b2cdadfb0901ed537765895cdba4e51e7299749be0e13283af6b15f3c89c8
SHA512 bc086400540d7e13d598c4b33091de427bd7d0181db36efc28b9706f07faf05a55a74e3ffff3e72585364b088b15f13fc1313e4c0e5612f8c442855ff2b2b2a3

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1QGFZ0\datareporting\glean\db\data.safe.tmp

MD5 c58234a092f9d899f0a623e28a4ab9db
SHA1 7398261b70453661c8b84df12e2bde7cbc07474b
SHA256 eaec709a98b57cd9c054a205f9bfa76c7424db2845c077822804f31e16ac134c
SHA512 ae2724fc45a8d9d26e43d86bcc7e20f398d8ab4e251e89550087ace1311c4d2571392f2f0bed78da211fcb28766779c1853b80742faa69f722b2c44c283569fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1QGFZ0\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 dd74d91c69ff9c2f49c7469da1aa204c
SHA1 ecd366a477afb488da9670b955ef41bf3a8c2f5f
SHA256 5b4ae811e042e7a6b6d90e401dfbbbafea985be1d85ba207e310ade36b442202
SHA512 13af79238acad671213ba5558f6cd0bb8b1320efe6ff36ec44d820a471692b5eb7a709a53ab125eca3caafb72278d408e1667513d0103ec7fa28288ef17093aa

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1QGFZ0\prefs.js

MD5 9517b1882e17339f3a0b86e429d5865b
SHA1 480269d3a57376e54bbb3caf8dea9d86a22b2b25
SHA256 fedc90edde421ee5baefec60de22d79a93720478a7ae0519c3a603767f03d803
SHA512 9435ec63bae4172599bdb31836af6d0fc7babb5aed2d0c67d54ea52722db02d2ae828106019c9eebba9cb035306ae87232905c26392ff2f7fe1e21a26eeb8229

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1QGFZ0\prefs-1.js

MD5 4f62d21eca93ad1822ac6256adc5072f
SHA1 f46d32f7daa52b6aebfde744517ca3dd573bde7c
SHA256 39b363c76b65864822a7659497eb753a343164b1d29bd8c94ef0fa3033d1cec2
SHA512 e699f426dde858dd18278f3247dccb87da74469e8138d6fa9855e77d3af1740c701cc553a3fbeb97fdbc02f1979f658f92c2947d528877ed31859d8ee42dd2f0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1QGFZ0\storage-sync-v2.sqlite

MD5 bff4d6361e4126d963ab7dffdc7550ce
SHA1 e2660c2f00b0aef4a81972c6a6093935d5aa40d5
SHA256 ad0828e5ff9d4188151772cd9af85827a431d122901486590c5734b62b4af2d2
SHA512 8d967c085d343d50a76cf14e88ed2fb742a7195034ddbaacd57d2c47abf0218a5f6878528a8f37c8f3b61496f61b5e254d205003af87a3cf156ba12ea59f65bc

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1QGFZ0\content-prefs.sqlite

MD5 b15425d1f21f5708184e35493e63c8a1
SHA1 e944c1fdf56a3f6a5150b77980e89d48c7b57be2
SHA256 7a9012d1846763fe9dcb059035972a023ec29f2b9c03f865f0a6f6df6ef2a6c0
SHA512 6b54e30e0a060261bdac98ef818d1053fbabf0d6b8a17efc729942729ed6e6dddb29063b079ddb1dcd1b4edfc85a0311cf821b4b3291372c834a00733456423f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiNdekp\datareporting\glean\db\data.safe.tmp

MD5 1c3c58f7838dde7f753614d170f110fc
SHA1 c17e5a486cecaddd6ced7217d298306850a87f48
SHA256 81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d
SHA512 9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiNdekp\prefs.js

MD5 640ab54f17c453ee67ab97b86dfa6db7
SHA1 3831922c7cc54fbf10596e6d4d0d74ba61229b4a
SHA256 958dd6fc22b3a19e1d6f23955ca47601eff41fa2907ec24c83e6751da9f8e696
SHA512 2003516f26a82d31e2122ab66f2f894424e52a6925cd635444cd31ab5f30eac51b3ab9693f560a0fa2533247c28473e6129cd4b60a4d76cbce0d8c1fdae47806

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiNdekp\prefs-1.js

MD5 650457c22735ae95b400343d3947d405
SHA1 c662bb83b085f0ea8acb20cd6ca6615612af59eb
SHA256 ec4942de5c2fe857ad7f4640f12601003e60c3780ee80d7cb4454ce27bbfb32d
SHA512 7b8cd64a19766897cc6cc62fbe69be3b79b5e8ce240d7ecd9c555e4a7752bfdf259420876897fb9ec83e831e5a3c76ae49f04f8e2126cbe698ba6da1f0a36ba5

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiNdekp\prefs-1.js

MD5 6b5604e26b4a60cf94df965cd3e12592
SHA1 5e6b4e255525e1c60b2c8782e1a3de43c8543b70
SHA256 7e60a31cc65c1c93c95a4dafcf42b6ecb5f491befe6ea192084985af9baae931
SHA512 34fa11afa82bb50500da1d5aa60a5b59af0dacf76945c58dbb187bac210545fbc6dbc041348194291ae1129aa99355041f4fe05f54f40359f6babe39532b3b6a

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileaiUPc3\prefs-1.js

MD5 93a4cafa19baba05cd88a441f7ff6700
SHA1 3f9c8469dc526ec54824897f55122c8bdefff170
SHA256 7041b594296666c9afc24fee9517fa602dab1093c0f61b270a5f820466536afb
SHA512 e3db9aa51faf2460d878e270c0fe3e8d0705de96555fafefc1c28cdae0c5ea6b58c5fe0872add8acabdbc6ac3be1a831bcdfa431f02d98b5b521580ffdfede7a

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-09 01:55

Reported

2024-05-09 02:07

Platform

win7-20231129-en

Max time kernel

294s

Max time network

308s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\geckodriver.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\geckodriver.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3052 wrote to memory of 1328 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 3052 wrote to memory of 1328 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 3052 wrote to memory of 1328 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 1328 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 1328 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 1328 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 1328 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 1328 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 1328 wrote to memory of 2808 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 2788 wrote to memory of 2804 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 2788 wrote to memory of 2804 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 2788 wrote to memory of 2804 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 1328 wrote to memory of 2312 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\geckodriver.exe
PID 1328 wrote to memory of 2312 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\geckodriver.exe
PID 1328 wrote to memory of 2312 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\geckodriver.exe
PID 2312 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe
PID 2312 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe
PID 2312 wrote to memory of 2696 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe
PID 2696 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe
PID 2696 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe
PID 2696 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe
PID 2696 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe
PID 2696 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe
PID 2696 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe
PID 2696 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe
PID 2696 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe
PID 2696 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe
PID 2696 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe
PID 2696 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe
PID 2696 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe
PID 2848 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe
PID 2848 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe
PID 2848 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe
PID 2848 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe
PID 2848 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe
PID 2848 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe
PID 2848 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe
PID 2848 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe
PID 2848 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe
PID 2848 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe
PID 2848 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe
PID 2848 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe
PID 2848 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe
PID 2848 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe
PID 2848 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe
PID 2848 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe
PID 2848 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe
PID 2848 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe
PID 2848 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe
PID 2848 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe
PID 2848 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe
PID 2848 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe
PID 2848 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe
PID 2848 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe
PID 2848 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe
PID 2848 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe
PID 2848 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe
PID 2848 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe
PID 2848 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe
PID 2848 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe
PID 2848 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe
PID 2848 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe
PID 2848 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe
PID 2848 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI30522\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI30522\geckodriver.exe --port 49454 --websocket-port 49455

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49455 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileh1S79a

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49455 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileh1S79a

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2848.0.1507944050\1040922613" -parentBuildID 20240416150000 -prefsHandle 1212 -prefMapHandle 1204 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\browser" - {6e984581-1344-4323-a493-578f5c4f1ca8} 2848 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2848.1.124626725\1707978048" -childID 1 -isForBrowser -prefsHandle 2052 -prefMapHandle 1988 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 864 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\browser" - {67ee6b2c-d0db-4a7c-b575-77d9fb7efcce} 2848 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2848.2.1373916078\194988442" -childID 2 -isForBrowser -prefsHandle 2336 -prefMapHandle 2396 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 864 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\browser" - {e552b777-23aa-490e-9b95-974998154e4a} 2848 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2848.3.1239125446\1286397374" -childID 3 -isForBrowser -prefsHandle 2340 -prefMapHandle 2592 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 864 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\browser" - {b2cb3722-d0f0-4918-9abf-cc70ed685ebd} 2848 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2848.4.1624298320\2128845312" -childID 4 -isForBrowser -prefsHandle 2736 -prefMapHandle 2788 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 864 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\browser" - {91294f92-0971-423e-aa36-e98079eead21} 2848 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2848.5.1877048812\1357081659" -childID 5 -isForBrowser -prefsHandle 2932 -prefMapHandle 2936 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 864 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\browser" - {f326dced-39dc-43fd-8afc-6fe216cbab3a} 2848 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2848.6.707634545\459828798" -childID 6 -isForBrowser -prefsHandle 3092 -prefMapHandle 3096 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 864 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\browser" - {e21d403c-1915-4015-96b8-31f6d7023d57} 2848 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2848.7.259702572\1881333046" -childID 7 -isForBrowser -prefsHandle 2836 -prefMapHandle 2292 -prefsLen 25412 -prefMapSize 245849 -jsInitHandle 864 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\browser" - {bb4edacf-25c0-4893-b8b1-3b77a4b6c311} 2848 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30522\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI30522\geckodriver.exe --port 49454 --websocket-port 49455

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49455 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletU9KMS

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49455 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletU9KMS

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2716.0.643265916\47105594" -parentBuildID 20240416150000 -prefsHandle 1184 -prefMapHandle 1164 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\browser" - {3b634e97-5117-4937-acd4-480928695173} 2716 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2716.1.815459964\1059590653" -childID 1 -isForBrowser -prefsHandle 952 -prefMapHandle 948 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 844 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\browser" - {d9603872-c245-4e98-a9f2-6dd3b3bedf59} 2716 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2716.2.1734705463\409389142" -childID 2 -isForBrowser -prefsHandle 2216 -prefMapHandle 2232 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 844 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\browser" - {a26e8a5a-87eb-4d58-ab13-89b9b7d8074e} 2716 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2716.3.2071868380\758200237" -childID 3 -isForBrowser -prefsHandle 2220 -prefMapHandle 2352 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 844 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\browser" - {5e6fc0fb-f6be-49ad-8c10-2c9c68585dc9} 2716 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2716.4.1170655158\311221578" -childID 4 -isForBrowser -prefsHandle 2836 -prefMapHandle 2832 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 844 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\browser" - {dc18ffe2-97b5-4bf0-9f82-76326f9d565e} 2716 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2716.5.1150601445\726160388" -childID 5 -isForBrowser -prefsHandle 2964 -prefMapHandle 2968 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 844 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\browser" - {16618a32-5da3-4d69-82c6-72315b01d330} 2716 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2716.6.1587436038\1385446482" -childID 6 -isForBrowser -prefsHandle 3100 -prefMapHandle 3104 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 844 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\browser" - {09f9d4cb-a623-401b-95da-8ae03a8c70b6} 2716 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2716.7.1452264739\1063222181" -childID 7 -isForBrowser -prefsHandle 3488 -prefMapHandle 3484 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 844 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\browser" - {728c8e9c-3096-4183-b624-aa3b7acac04c} 2716 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30522\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI30522\geckodriver.exe --port 49454 --websocket-port 49455

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49455 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileZUEj3f

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49455 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileZUEj3f

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2940.0.338973269\706941868" -parentBuildID 20240416150000 -prefsHandle 1212 -prefMapHandle 1204 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\browser" - {7531c4d4-0e73-420d-9833-5309a58ed115} 2940 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2940.1.1438879494\922141231" -childID 1 -isForBrowser -prefsHandle 884 -prefMapHandle 1628 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\browser" - {672041a8-370d-40ce-9c62-7511126daf4c} 2940 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2940.2.461562387\631293048" -childID 2 -isForBrowser -prefsHandle 2036 -prefMapHandle 2024 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\browser" - {b304706a-29c3-407d-91bd-c4357c76448e} 2940 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2940.3.1538827172\937694626" -childID 3 -isForBrowser -prefsHandle 2256 -prefMapHandle 2464 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\browser" - {3d1ffb4c-ae1a-4138-8b79-c70e434eb2d3} 2940 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2940.4.273873091\254990288" -childID 4 -isForBrowser -prefsHandle 2792 -prefMapHandle 2788 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\browser" - {6a4eab6f-8590-403f-8615-2ffc52026c02} 2940 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2940.5.1376122520\1863089931" -childID 5 -isForBrowser -prefsHandle 2904 -prefMapHandle 2908 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\browser" - {902f707f-e77d-43ad-9a5e-db55d5933236} 2940 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2940.6.435314889\1619388101" -childID 6 -isForBrowser -prefsHandle 3060 -prefMapHandle 3064 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 888 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\browser" - {7f16aabc-0076-4a15-83d9-168b62874afa} 2940 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30522\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI30522\geckodriver.exe --port 49454 --websocket-port 49455

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49455 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYnKMSO

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49455 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYnKMSO

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2920.0.467988182\1264977758" -parentBuildID 20240416150000 -prefsHandle 1184 -prefMapHandle 1176 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\browser" - {9c19e7b0-62e7-45be-822e-f536721aac5c} 2920 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2920.1.1316861812\775232107" -childID 1 -isForBrowser -prefsHandle 940 -prefMapHandle 1944 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 876 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\browser" - {2ddc5320-b804-45a6-be5c-552249b81f32} 2920 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2920.2.115554594\1361679154" -childID 2 -isForBrowser -prefsHandle 2360 -prefMapHandle 2364 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 876 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\browser" - {216ff4db-48fe-403b-9a09-10bbc3605af8} 2920 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2920.3.256826243\103605300" -childID 3 -isForBrowser -prefsHandle 2356 -prefMapHandle 2436 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 876 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\browser" - {a3997763-3695-4836-9f87-fdf84589954f} 2920 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2920.4.247435871\1094482041" -childID 4 -isForBrowser -prefsHandle 2804 -prefMapHandle 2800 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 876 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\browser" - {c705ff94-e51c-4bbc-8865-68012bd49fac} 2920 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2920.5.1174876440\767696927" -childID 5 -isForBrowser -prefsHandle 2928 -prefMapHandle 2932 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 876 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\browser" - {cc956a40-a1a0-4cfe-976c-5e1530fde8b6} 2920 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2920.6.1255883425\861230458" -childID 6 -isForBrowser -prefsHandle 3076 -prefMapHandle 3080 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 876 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\browser" - {51639114-d4b0-4b75-a7b2-958a20eb44f0} 2920 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2920.7.474702292\689813110" -childID 7 -isForBrowser -prefsHandle 3240 -prefMapHandle 3236 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 876 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\browser" - {73d741b4-9945-424e-8abc-04190a622a78} 2920 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30522\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI30522\geckodriver.exe --port 49454 --websocket-port 49455

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49455 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5BKDhZ

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49455 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5BKDhZ

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2684.0.896403885\1666666681" -parentBuildID 20240416150000 -prefsHandle 1208 -prefMapHandle 1200 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\browser" - {6a603369-0081-4420-b85c-a9bdccd89cbf} 2684 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2684.1.954530194\2118808044" -childID 1 -isForBrowser -prefsHandle 1860 -prefMapHandle 2044 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 820 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\browser" - {7c5b8a94-1f7f-4f3a-a1ac-ea88a0a0ecb0} 2684 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2684.2.972891234\1957419398" -childID 2 -isForBrowser -prefsHandle 2272 -prefMapHandle 2268 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 820 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\browser" - {0e7525e6-c9e4-4f55-b33a-1710d14bb6a8} 2684 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2684.3.840806368\1539390525" -childID 3 -isForBrowser -prefsHandle 2596 -prefMapHandle 2600 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 820 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\browser" - {3fcbb052-c5c1-48bf-8fa6-e9f80e6cf98c} 2684 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2684.4.786797400\629422104" -childID 4 -isForBrowser -prefsHandle 2828 -prefMapHandle 2824 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 820 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\browser" - {d481e9b0-f869-44ad-9e8d-da798efe64c5} 2684 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2684.5.1112844308\1217481300" -childID 5 -isForBrowser -prefsHandle 2944 -prefMapHandle 2948 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 820 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\browser" - {3b5e977f-75d9-4dd3-a12b-7b2ff7bc4938} 2684 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2684.6.588088784\650139007" -childID 6 -isForBrowser -prefsHandle 3000 -prefMapHandle 3004 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 820 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\browser" - {cff92037-899e-4ce7-b402-a0c2eb27feb0} 2684 tab

Network

Country Destination Domain Proto
IN 194.195.115.114:9001 tcp
US 199.249.230.74:443 tcp
DE 85.215.42.225:9001 tcp
US 38.154.239.242:443 tcp
N/A 127.0.0.1:49507 tcp
N/A 127.0.0.1:49538 tcp
N/A 127.0.0.1:49454 tcp
N/A 127.0.0.1:49454 tcp
N/A 127.0.0.1:49651 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:49686 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:49454 tcp
N/A 127.0.0.1:49454 tcp
N/A 127.0.0.1:49454 tcp
N/A 127.0.0.1:50198 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50233 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:49454 tcp
N/A 127.0.0.1:49454 tcp
N/A 127.0.0.1:49454 tcp
N/A 127.0.0.1:50705 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50740 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:49454 tcp
N/A 127.0.0.1:49454 tcp
N/A 127.0.0.1:49454 tcp
N/A 127.0.0.1:51178 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:51213 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:49454 tcp
N/A 127.0.0.1:49454 tcp
N/A 127.0.0.1:49454 tcp
N/A 127.0.0.1:51686 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:51721 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI30522\python38.dll

MD5 26ba25d468a778d37f1a24f4514d9814
SHA1 b64fe169690557656ede3ae50d3c5a197fea6013
SHA256 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128
SHA512 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

\Users\Admin\AppData\Local\Temp\_MEI30522\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

\Users\Admin\AppData\Local\Temp\_MEI30522\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Local\Temp\_MEI30522\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI30522\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

\Users\Admin\AppData\Local\Temp\_MEI30522\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

\Users\Admin\AppData\Local\Temp\_MEI30522\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

\Users\Admin\AppData\Local\Temp\_MEI30522\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

\Users\Admin\AppData\Local\Temp\_MEI30522\geckodriver.exe

MD5 f60c542253cbe94f762e15c7b064b55d
SHA1 7a32f034217266db6d799893edc976e891a82944
SHA256 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa
SHA512 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca

C:\Users\Admin\AppData\Local\Temp\tmpei4layng\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI30522\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 47539d0337e97e22a728afc2638d461f
SHA1 d97b37079543b33b9b605c787945f809aed66fd6
SHA256 262e52c5bbaa9bcd2dfcb4cf7da83a1efa95ebd0299f82031ad31a6ab19405a5
SHA512 3810ebe80173d41785a42459fc5c4a8a31e56294f2c03fe99416925a34d242b88023565057201c9b6dcbdb97c8396d8305a723c0e31bb5b560b031b299672d4a

\Users\Admin\AppData\Local\Temp\_MEI30522\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

\Users\Admin\AppData\Local\Temp\_MEI30522\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

\Users\Admin\AppData\Local\Temp\_MEI30522\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

C:\Users\Admin\AppData\Local\Temp\_MEI30522\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI30522\top-1m.csv

MD5 ba0857be5e9736dde1f5cc44edd5d21b
SHA1 b130759907909cc97bfe0d9a1fd65b8942c931aa
SHA256 7800cdef850c31931b2b520a42f858c4feb5ca86d6b3789e6173a02e909595ca
SHA512 08446902bc588e323b8fc551502ff869be6c2bb64f788d1bebfcc30a04c3e589b0616e84fc55de3d81d7b19b26e690024a442e6a27096808bc613bcecf3f6db4

C:\Users\Admin\AppData\Local\Temp\_MEI30522\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI30522\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI30522\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI30522\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

\Users\Admin\AppData\Local\Temp\_MEI30522\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

\Users\Admin\AppData\Local\Temp\_MEI30522\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

\Users\Admin\AppData\Local\Temp\_MEI30522\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

C:\Users\Admin\AppData\Local\Temp\_MEI30522\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 80e882ce8268212cf4db9fbe44f95336
SHA1 85abc152168a20d8db2c6501aa43a97ea72efc8c
SHA256 32c7fa19bdf922f35368bbda1fd91b30fae89f7e8615c8224901e4e3454ee937
SHA512 eb6fc2086c0c5b1e2207c675e49713961246559ade42f65f5e1d51e6139e503eacceaa57542664f7161dc320df0403d90bc85e499aa2d0f09c4a3d4236920cd5

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileh1S79a\extensions.json

MD5 f099f062bb5a614301889373e8123eb2
SHA1 185bf4d1e8efa4ad3589f37184780b375a0e9f34
SHA256 d07dc199e4b94bb1e6126425671011846248e093ee1440750c9c2bfb6b1192a8
SHA512 5f8663ee3373eb37b12f9846e758fa3088392f43cc1aa860ec84df4f340cbdced0621beccb0d8ac7e899afc367a686d1283c7a8cd1ba7a110174ac3b15da9168

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 15b844d1d3b9894a007edd9b96be1ec4
SHA1 365ebaa624a758eabcdc30c6f44c6b3587e59b35
SHA256 935a8096963ce233d28c235e6e3bff6ba218f56b9604863ee882ea62d9c04626
SHA512 86e55a81d5bc0d5b3389c8ea5571005df39d3abdc61260e0584730dba5f24301530e315adda9ccc7126eaca71c58bc8c487b95fdd638240c0208533129eb0790

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileh1S79a\prefs-1.js

MD5 1cdee888acf2f8e82ee398b2182ab5e8
SHA1 ca78f05db34545b11573230706b4885be68e9ae0
SHA256 8573a5bac98e1ae50d0e1c018eba7c887c85bde9835f4bfb2b484f88f175c53f
SHA512 95be87420e7989e1664e26d5a37816b75f2181d0da14276e3aa58f772571006eea9938da12435752e8f994f29c950ab6392b604874e333f0b749017b9ad93943

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileh1S79a\prefs-1.js

MD5 d3fd9e2cf242bf62d8d08db922abce38
SHA1 28f35331f100e135d6be43806ced6eae7564412c
SHA256 cc2b68af7c18e101d3c9129f50454ec58aa8317c37960fde5a2883bed74853be
SHA512 4a03abbd9f147e413e241a829ef3a15d4c0f7451aa64aeb6dcb90eaeb2250247433e25837baa1da58fcb5119cd454f409ae4a2a193e70ff660c16de24eeb04f8

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletU9KMS\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletU9KMS\prefs-1.js

MD5 a3b4252d87ef4d930010226c25360f56
SHA1 19c2d4bd61a3f689e0f82df339694d37f553764a
SHA256 148d92fcdc8712a0d3f6685b8c4b48a128ae650eac3c476125475d040b471316
SHA512 2e2ef4baf1fe850b190985b045d7d3ecfe6fe9f5c9fc9b7491abb67d4f3e4fd8473fbe34c7f7a31c5200cd3c6041aad3240aa2f1f69d6baf32ce6ffab8444cf7

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletU9KMS\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletU9KMS\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletU9KMS\prefs.js

MD5 51baa8abbc65bcb9a45b9190f806929c
SHA1 fe55018ee5862dc2e8e474562874185c71933a67
SHA256 6ea3bc69a589c8af25742128eebc1a57c5ae7357a8a9cbf41f87f360a353f69b
SHA512 01a344cbb214ceed88adf949c4e97a0b92cff1797279fc30df716e5ef22d5bf443b638aa4f261a124d6d2afd3782d4b7f5b03a8067a4ab84946295adbffcec7b

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletU9KMS\prefs-1.js

MD5 73ec4ea7e6a03a9682688358b15f60f6
SHA1 df627a21742d7d794d72b855da19a38569df7fe7
SHA256 5819739f4e3245876274836f256ec758eb97a6954c814de76e65e4b441f3b0ad
SHA512 64e4c5e686b7b637346fe74fffb0e84d5629790405d983709c1323c6d537558ce332beaba467c9d40576e9210ff8c94c2cf4f2fef7628736e45f708e236e38c3

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletU9KMS\startupCache\webext.sc.lz4

MD5 5e68d00ed2f920245a318b054b30a8bd
SHA1 3cd7642670650ca1a2d68be52c446869fb6485be
SHA256 5aef38abee475c5c1d2e034f164d136578b12180a79338238079239882246611
SHA512 d45f5fb3c8e6d74dc7dae1641231c64f7233b944d99c8691690f07f9d18981ea035a58a0cf1ca2b74fe16474df9d7d0bb3593d0c16299ad32c3b6094cb44a21c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletU9KMS\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletU9KMS\prefs-1.js

MD5 fafc2c59613865ff13868c09b608c9a6
SHA1 1b9dc4d7c05253f1bc6b99f5b89878042980b0b3
SHA256 1537601e44b38950aa992442632cd6bfdf8d8198bfaf8a30fba10c9f4dbaab1b
SHA512 2028b70da709eaaab9e9de92936ebf9040393b81dcbb0a7516c30a9e4c5e57fb1343e171ce8b22c5550588e3647ca4d706df166a271b30f5621ecdc2b5e7b119

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletU9KMS\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletU9KMS\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletU9KMS\sessionCheckpoints.json.tmp

MD5 29ce37dc02c78bbe2e5284d350fae004
SHA1 bab97d5908ea6592aef6b46cee1ded6f34693fa2
SHA256 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693
SHA512 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletU9KMS\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletU9KMS\datareporting\glean\db\data.safe.tmp

MD5 7fba44cb533472c1e260d1f28892d86b
SHA1 727dce051fc511e000053952d568f77b538107bb
SHA256 14fb5cda1708000576f35c39c15f80a0c653afaf42ed137a3d31678f94b6e8bf
SHA512 1330b0f39614a3af2a6f5e1ea558b3f5451a7af20b6f7a704784b139a0ec17a20c8d7b903424cb8020a003319a3d75794e9fe8bc0aeb39e81721b9b2fdb9e031

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileZUEj3f\user.js

MD5 736db8c9b955f72129a6644a9c797093
SHA1 59f1c80c407e27ffe85407a82f7b7250c5ee3753
SHA256 668694ca0485bfb77e7049bad327ba3f83534f31c1d50744f227c996eab4097f
SHA512 9916d339304272357ff56976bfcb9fd2d607ccbaa33dc40b88618c9ae31833923d3f2e8288cfc1f0090da90803b5e07404c41182155db2d2345df6f63020f217

memory/2940-1685-0x000000000ADD0000-0x000000000ADE0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileZUEj3f\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileZUEj3f\prefs-1.js

MD5 aeb75a4643fb3a2ca1ac709bf3490c53
SHA1 f5b883f9e9429715e1e319bf999ca5bdf63105f6
SHA256 5b48a0561b8dab9c616d866eaecc9f2c4ba2fada3374149c367e4cb16b0ccd9c
SHA512 783b50f4ce658532a767d120ab63573f27159da767b83dfcce6243225904ed0f59f9572d3546de3ededd28dba00185af6ca4f5d0505b456d0ade8894e0914f2d

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileZUEj3f\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileZUEj3f\prefs-1.js

MD5 2657be1b419d43f07878d3adecbd3cfd
SHA1 b4c6b991b63b21050c85b2d51d2c6c91e194fef4
SHA256 c852baec4cd865c2835d32093d0eab5ee48c3ac1a880f4d6047af5d72a5d4754
SHA512 3acdfdd99e1fc3ed59a825884014ecc2e5ed62dcd881c8aafb9c2bab96b9a15a2a7f199c17aabf522ecd33fe7ae81ef10dac7f31fa528d43700ae7a6c0ef11b4

memory/2920-2129-0x0000000008A60000-0x0000000008A70000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYnKMSO\datareporting\glean\db\data.safe.tmp

MD5 1c3c58f7838dde7f753614d170f110fc
SHA1 c17e5a486cecaddd6ced7217d298306850a87f48
SHA256 81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d
SHA512 9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYnKMSO\prefs-1.js

MD5 95fd4a1250a586c1a1dc23e363e76d95
SHA1 cd76636f701106015cb64fe1afd8035e4a9821a6
SHA256 74a19a38a88cc0958fad94d51126b6124b960b3e821edded8a36fb67eb32c182
SHA512 232b98b12be9c9b0518acef8aaae4d69898f77f13587888313d6290f8316d68363acc33b12e132c5322cc671edc815f1f5065176849d180a13dad518c5434ce3

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYnKMSO\prefs-1.js

MD5 96ff87fcdff5bc21e561d030eab65387
SHA1 98a52982adf9e0ea48dd84b17357a8b40618dd7c
SHA256 a3947aad95dd3cd823f8192149734c424ccc8b266c6cada9a0829bbc72436e40
SHA512 1f99e954f6b9e273745652ebd4ed2a7bd1995fa0c95fde5cd2cd5118ebe39deb837467faf6b77c0eb9a1b4aaa8587e7ee7a6d97598f008ca4ad712ccd05a080a

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5BKDhZ\compatibility.ini

MD5 82daa5f7dbc3b29db915f1542f0a10b3
SHA1 098cf7d8857d9fdf5ba8166a44db8a4f23a57ceb
SHA256 b0b5521ba1733db154a6975aa44aadeaa428f5b80fea8065b7bbf359ccb0db0b
SHA512 d6072023f433d6b1f45e2731683645364e479b71a9838748b95d9bb37769dfe3acf55bc8d9899ca2a848a0b7cf4c8d81360d255fca7fa95c79a17d12de47db71

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5BKDhZ\WebDriverBiDiServer.json

MD5 9f8c9e3ab6c18101c12fcb4a662c9786
SHA1 736e389b63c2e3600ccf209c3e4d4b29379a3bac
SHA256 44237dbb748e6f5487c76559399479647117122135e7bfd6faade9bc1c028c91
SHA512 4e4c913914cf4d8bfc2ccda4234be9ca34fc4d606eedba7b7f1d1261c1c0345ec6b3ca8b8d05e5d5fe41d6500934fe3b1bb91861770a76e6d1ba6db5f7768866

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5BKDhZ\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 aad247196cc610734bb6a48af5cbd495
SHA1 b9c8d3016249817fb48781b062bcdd6a26e93b7e
SHA256 dfee50819cf884da2ca3357609567bbb778bbbb3a8261c98e98f052b0a2fdd41
SHA512 8ebcb36577a819b5633d78fc1c0a6c21bc4fbe61f72ef209c0f6d43e39cd9d9a21126827213f13c66d748c1f4dd82a3bb271c60e3172a73e81b3ea41e33cb54a

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5BKDhZ\prefs-1.js

MD5 9daf9f31429138601bb69d7070a45a9c
SHA1 81906607391ff8042b93a48c8db509e3e76cea57
SHA256 1d5382d0675db7bd03715506c1a5bb0a930282cd34ca290b506f50afe0e5a066
SHA512 73d590cd2208fe3517e3bdaa3e42f25d3b9a98a7df04e114792b4344f52560b67a9704879dcb2aa10f95249f1a5efe22ace023b1a098f8c0f1389bc0554b444a

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5BKDhZ\prefs-1.js

MD5 7731c2230fcc522f9da2283533aee3a7
SHA1 6eb4b0699afa8c8a008de6dd67d2f0a77d68a5ec
SHA256 a0709f9f1ea7b3993330c4aa9afa174eeac14922776477d331e4783edd5765d9
SHA512 86d7fd5f53620c90c689e02b779bd8b48c9d96dcd04448ee1cf39c10ba481b1ce8b2ae38ce5c336b6ce59b27918c310cd0b98cc1b7d7e0a3251d8ef783a92633

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-09 01:55

Reported

2024-05-09 02:07

Platform

win10-20240404-en

Max time kernel

300s

Max time network

305s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5076 wrote to memory of 3880 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 5076 wrote to memory of 3880 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 3880 wrote to memory of 5000 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 3880 wrote to memory of 5000 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 3880 wrote to memory of 1136 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 3880 wrote to memory of 1136 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 5000 wrote to memory of 4880 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 5000 wrote to memory of 4880 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 3880 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\geckodriver.exe
PID 3880 wrote to memory of 2360 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\geckodriver.exe
PID 2360 wrote to memory of 4468 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe
PID 2360 wrote to memory of 4468 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe
PID 4468 wrote to memory of 4452 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe
PID 4468 wrote to memory of 4452 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe
PID 4468 wrote to memory of 4452 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe
PID 4468 wrote to memory of 4452 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe
PID 4468 wrote to memory of 4452 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe
PID 4468 wrote to memory of 4452 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe
PID 4468 wrote to memory of 4452 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe
PID 4468 wrote to memory of 4452 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe
PID 4468 wrote to memory of 4452 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe
PID 4468 wrote to memory of 4452 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe
PID 4468 wrote to memory of 4452 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe
PID 4452 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe
PID 4452 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe
PID 4452 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe
PID 4452 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe
PID 4452 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe
PID 4452 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe
PID 4452 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe
PID 4452 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe
PID 4452 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe
PID 4452 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe
PID 4452 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe
PID 4452 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe
PID 4452 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe
PID 4452 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe
PID 4452 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe
PID 4452 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe
PID 4452 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe
PID 4452 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe
PID 4452 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe
PID 4452 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe
PID 4452 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe
PID 4452 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe
PID 4452 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe
PID 4452 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe
PID 4452 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe
PID 4452 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe
PID 4452 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe
PID 4452 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe
PID 4452 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe
PID 4452 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe
PID 4452 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe
PID 4452 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe
PID 4452 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe
PID 4452 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe
PID 4452 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe
PID 4452 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe
PID 4452 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe
PID 4452 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe
PID 4452 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe
PID 4452 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe
PID 4452 wrote to memory of 1580 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI50762\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI50762\geckodriver.exe --port 50042 --websocket-port 50043

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50043 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileBNbqKa

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50043 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileBNbqKa

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4452.0.527375873\6473749" -parentBuildID 20240416150000 -prefsHandle 1456 -prefMapHandle 1444 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {dab87504-3365-4ecc-90c7-bde6a1959686} 4452 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4452.1.1683123206\964916022" -childID 1 -isForBrowser -prefsHandle 2064 -prefMapHandle 2044 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {a423357d-3210-41b2-8cca-00f7af439447} 4452 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4452.2.752861045\1605721969" -childID 2 -isForBrowser -prefsHandle 2936 -prefMapHandle 2932 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {9a242f6f-ba57-4dd2-af84-969a6dec98e0} 4452 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4452.3.1547267710\1961303762" -childID 3 -isForBrowser -prefsHandle 3428 -prefMapHandle 3432 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {ca750e2e-7315-4db6-a066-10d8307eb82f} 4452 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4452.4.962675777\1346045304" -childID 4 -isForBrowser -prefsHandle 3356 -prefMapHandle 3372 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {eac14a8f-3445-46ad-b432-51a87cd0ee60} 4452 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4452.5.1428316238\417359423" -childID 5 -isForBrowser -prefsHandle 3244 -prefMapHandle 3228 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {dff842fd-05b3-4c93-a56d-5128715e1693} 4452 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4452.6.885861865\1234819630" -childID 6 -isForBrowser -prefsHandle 3780 -prefMapHandle 3828 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {f006e71f-668b-4610-8e59-d989bddee5b6} 4452 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4452.7.746868352\1159956866" -childID 7 -isForBrowser -prefsHandle 4244 -prefMapHandle 3560 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {e8c49500-589d-4757-97c7-a453a797d959} 4452 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4452.8.705404122\1073313105" -childID 8 -isForBrowser -prefsHandle 8216 -prefMapHandle 8232 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {2a73730c-5224-47ce-aca9-dde38dd7214f} 4452 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4452.9.253132635\1005879886" -childID 9 -isForBrowser -prefsHandle 7940 -prefMapHandle 8204 -prefsLen 25580 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {d3e16567-f3e8-42e0-ad52-8acdbe2c26fa} 4452 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4452.10.832398840\151543761" -childID 10 -isForBrowser -prefsHandle 8444 -prefMapHandle 7980 -prefsLen 25580 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {1f9fc838-1997-4b1e-9c0a-b61c3cfddc09} 4452 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4452.11.1613673429\90244890" -childID 11 -isForBrowser -prefsHandle 3264 -prefMapHandle 7692 -prefsLen 25580 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {1f48a1bf-30dc-4432-9f2b-1b20421ec716} 4452 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4452.12.1949313874\854858903" -childID 12 -isForBrowser -prefsHandle 7444 -prefMapHandle 7460 -prefsLen 25580 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {c6e65b77-ab8a-47d9-927e-13babdb398a6} 4452 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50762\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI50762\geckodriver.exe --port 50042 --websocket-port 50043

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50043 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelUbEc7

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50043 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelUbEc7

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="6136.0.846520349\1064876581" -parentBuildID 20240416150000 -prefsHandle 1448 -prefMapHandle 1436 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {4f7ed18d-6c04-4ba0-bc67-e772a0c0a32d} 6136 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="6136.1.851600340\1144980334" -childID 1 -isForBrowser -prefsHandle 2280 -prefMapHandle 2484 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {4c4acff2-dcba-41ec-ac5b-cbea46463c61} 6136 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="6136.2.1821077745\761836967" -childID 2 -isForBrowser -prefsHandle 2932 -prefMapHandle 2928 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {e9b17f9a-a4a9-48ae-a36b-11b393407728} 6136 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="6136.3.443222528\2125949475" -childID 3 -isForBrowser -prefsHandle 3160 -prefMapHandle 3220 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {6c25bdae-cd8f-4e69-9338-2be93894aad6} 6136 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="6136.4.35484287\1839425211" -childID 4 -isForBrowser -prefsHandle 3608 -prefMapHandle 3588 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {e0651290-3cf9-4c77-9f1c-4311fe0d3ecf} 6136 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="6136.5.1981823178\779852324" -childID 5 -isForBrowser -prefsHandle 3772 -prefMapHandle 2292 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {c65ce0d3-477c-4ab1-a7c6-abd37e485f52} 6136 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="6136.6.1908150165\534175749" -childID 6 -isForBrowser -prefsHandle 3828 -prefMapHandle 3832 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {477476b8-0362-4025-b106-9ce6005fe329} 6136 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="6136.7.1725142218\1566979188" -childID 7 -isForBrowser -prefsHandle 4268 -prefMapHandle 3028 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {d5e380af-dff5-4a29-8d00-55e1d1e089e4} 6136 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50762\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI50762\geckodriver.exe --port 50042 --websocket-port 50043

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50043 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenFu5q4

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50043 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenFu5q4

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="1120.0.780577231\1141668876" -parentBuildID 20240416150000 -prefsHandle 1488 -prefMapHandle 1472 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {bab313c2-4b66-4175-9b2f-5541b33a2dd6} 1120 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="1120.1.1059984471\938794768" -childID 1 -isForBrowser -prefsHandle 2116 -prefMapHandle 2772 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {8e2153d2-56d9-4f48-8bdf-17bb535dc48a} 1120 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="1120.2.605080646\796181784" -childID 2 -isForBrowser -prefsHandle 3016 -prefMapHandle 3012 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {b3812d81-6a33-4799-9b5e-3c85e865ffcb} 1120 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="1120.3.1799610722\782059140" -childID 3 -isForBrowser -prefsHandle 3136 -prefMapHandle 3132 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {6bd3e930-e513-4b36-91ce-83174bc66212} 1120 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="1120.4.1196478439\633215904" -childID 4 -isForBrowser -prefsHandle 3640 -prefMapHandle 3636 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {7df6ab28-d1ba-421d-b672-b36ee64ee4fa} 1120 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="1120.5.1678283835\1470954464" -childID 5 -isForBrowser -prefsHandle 3828 -prefMapHandle 3832 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {61aabe89-fbe2-4274-bea1-9367b4363083} 1120 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="1120.6.1262529699\1613877846" -childID 6 -isForBrowser -prefsHandle 3988 -prefMapHandle 3992 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {92b1ff1a-d503-47ab-bcd7-7854543ea1ac} 1120 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="1120.7.1539961127\111928133" -childID 7 -isForBrowser -prefsHandle 4164 -prefMapHandle 3812 -prefsLen 25412 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {244736ad-9aeb-4fb5-b1d6-c785a94b6e9a} 1120 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50762\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI50762\geckodriver.exe --port 50042 --websocket-port 50043

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50043 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVZyCh1

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50043 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVZyCh1

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4516.0.65978790\2080313882" -parentBuildID 20240416150000 -prefsHandle 1468 -prefMapHandle 1456 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {7f00d338-2057-4279-a940-db0ff1b02467} 4516 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4516.1.1872980531\2025637026" -childID 1 -isForBrowser -prefsHandle 2516 -prefMapHandle 2512 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1120 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {72c33be7-637b-48df-b2a1-7cec6949cf02} 4516 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4516.2.1252636839\701040208" -childID 2 -isForBrowser -prefsHandle 2952 -prefMapHandle 2948 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1120 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {07a46efc-db3b-4faf-8c3d-2b8cf4ed478d} 4516 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4516.3.2119927250\1393282864" -childID 3 -isForBrowser -prefsHandle 3120 -prefMapHandle 2960 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1120 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {434e9639-e25c-4430-be03-f657e1bbc24d} 4516 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4516.4.1195804120\1342409601" -childID 4 -isForBrowser -prefsHandle 3644 -prefMapHandle 3640 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1120 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {ff9f4b85-ac4e-4812-8791-3ddc9d17983f} 4516 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4516.5.763765398\744806629" -childID 5 -isForBrowser -prefsHandle 3776 -prefMapHandle 3780 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1120 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {ab7a95c2-ff31-44dc-bdb1-61a4709d56ca} 4516 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4516.6.1346913061\314958499" -childID 6 -isForBrowser -prefsHandle 3960 -prefMapHandle 3964 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1120 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {2982940f-6f9f-438c-aea4-256eb047585f} 4516 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4516.7.773792529\36849563" -childID 7 -isForBrowser -prefsHandle 4272 -prefMapHandle 4248 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1120 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {7131c44b-3f8e-4322-8e67-45c6d9f9f666} 4516 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4516.8.59629208\1875412874" -parentBuildID 20240416150000 -prefsHandle 8548 -prefMapHandle 8552 -prefsLen 27558 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {9abe9a2a-7a77-44a5-857d-72664b3a623c} 4516 rdd

C:\Users\Admin\AppData\Local\Temp\_MEI50762\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI50762\geckodriver.exe --port 50042 --websocket-port 50043

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50043 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileS0y3vM

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50043 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileS0y3vM

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4024.0.913995930\1937513440" -parentBuildID 20240416150000 -prefsHandle 1488 -prefMapHandle 1464 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {560fdad3-0895-4bda-b103-7ed480a0db40} 4024 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4024.1.528414953\1631244014" -childID 1 -isForBrowser -prefsHandle 2624 -prefMapHandle 2644 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {56de1d14-5bd3-429b-8c61-b136e7c9f79c} 4024 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4024.2.1308370231\1803166763" -childID 2 -isForBrowser -prefsHandle 2652 -prefMapHandle 2648 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {5920a292-8406-4987-acb9-d804689f7e67} 4024 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4024.3.300583225\189376779" -childID 3 -isForBrowser -prefsHandle 3208 -prefMapHandle 2652 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {e9d85778-bc6a-44fb-a13b-7be564e5d031} 4024 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4024.4.1994971123\845395327" -childID 4 -isForBrowser -prefsHandle 3440 -prefMapHandle 1352 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {0423010b-0ce1-430e-9360-8593329aeeaa} 4024 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4024.5.1585814139\957243231" -childID 5 -isForBrowser -prefsHandle 3588 -prefMapHandle 3592 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {ede98fd6-c49f-424b-aadd-ece75b142c9c} 4024 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4024.6.99846612\1404872138" -childID 6 -isForBrowser -prefsHandle 3776 -prefMapHandle 3780 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {8b12419b-70c3-4c1e-9fab-648d28255760} 4024 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4024.7.511777750\1531151402" -childID 7 -isForBrowser -prefsHandle 4316 -prefMapHandle 4320 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {5d2fbd4a-526e-4aa7-a227-a285bfc2f797} 4024 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50762\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI50762\geckodriver.exe --port 50042 --websocket-port 50043

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50043 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHMU3Dj

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50043 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHMU3Dj

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="5668.0.1669934317\1653169562" -parentBuildID 20240416150000 -prefsHandle 1480 -prefMapHandle 1464 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {d99120aa-65ca-4f2c-bb16-70c52c63a8af} 5668 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="5668.1.295232145\1148205236" -childID 1 -isForBrowser -prefsHandle 2460 -prefMapHandle 2456 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1144 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {5e9b9d65-bf83-41db-bc4e-6ca69096d88c} 5668 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="5668.2.1296938947\1086694685" -childID 2 -isForBrowser -prefsHandle 2952 -prefMapHandle 2948 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1144 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {24ac7e4a-707c-45db-8605-307c33d76bd5} 5668 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="5668.3.501858498\1802121781" -childID 3 -isForBrowser -prefsHandle 2968 -prefMapHandle 2972 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1144 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {cdb4b64f-43cb-4c03-b7ca-66313ce76647} 5668 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="5668.4.1395855914\1630016417" -childID 4 -isForBrowser -prefsHandle 3648 -prefMapHandle 3644 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1144 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {c82d2aa6-c00e-4d26-bd2b-ddf76a3a3b8f} 5668 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="5668.5.671908087\1928659415" -childID 5 -isForBrowser -prefsHandle 3776 -prefMapHandle 3780 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1144 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {f5a9cb42-1c2f-4d31-b2bf-d813cf8d0c6c} 5668 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="5668.6.887244817\1893942370" -childID 6 -isForBrowser -prefsHandle 4040 -prefMapHandle 4036 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1144 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {595009b7-c88a-48aa-824f-8f9c0764b4d6} 5668 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="5668.7.2011096920\1589259242" -childID 7 -isForBrowser -prefsHandle 4416 -prefMapHandle 4420 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1144 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {0edd0c45-cd01-4090-8983-aba07fb306ea} 5668 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50762\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI50762\geckodriver.exe --port 50042 --websocket-port 50043

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50043 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMXfwJh

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50043 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMXfwJh

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4900.0.241334610\693012607" -parentBuildID 20240416150000 -prefsHandle 1484 -prefMapHandle 1472 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {1220a5e9-5bcf-4a79-bc20-f6369c747f3c} 4900 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4900.1.1320556544\31568839" -childID 1 -isForBrowser -prefsHandle 2664 -prefMapHandle 2688 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1068 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {42214a25-b23b-4fca-b4aa-db9168d69c09} 4900 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4900.2.115798053\964127924" -childID 2 -isForBrowser -prefsHandle 2956 -prefMapHandle 2952 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1068 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {f007ade4-ee59-4f35-9ffa-8ca3835994d9} 4900 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4900.3.229329784\1960765069" -childID 3 -isForBrowser -prefsHandle 2972 -prefMapHandle 2988 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1068 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {b9787087-c48f-454f-9df8-67e5200b560f} 4900 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4900.4.2073578488\1223493622" -childID 4 -isForBrowser -prefsHandle 3596 -prefMapHandle 3588 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1068 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {f5e38a11-c9cd-4f3e-85a4-26aceeddce89} 4900 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4900.5.334076105\1316913695" -childID 5 -isForBrowser -prefsHandle 3760 -prefMapHandle 3764 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1068 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {2d58a52d-c9d0-4d37-853d-34c159d5e26a} 4900 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4900.6.903127401\1338810172" -childID 6 -isForBrowser -prefsHandle 3944 -prefMapHandle 3948 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1068 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {b39ced59-0e24-4434-a216-a5fb5ef071f7} 4900 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4900.7.1957737897\920626170" -childID 7 -isForBrowser -prefsHandle 4392 -prefMapHandle 4396 -prefsLen 25412 -prefMapSize 245849 -jsInitHandle 1068 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\browser" - {51b775dc-bbf1-4848-bef2-4878fda1fce1} 4900 tab

Network

Country Destination Domain Proto
US 23.108.55.71:443 tcp
US 8.8.8.8:53 71.55.108.23.in-addr.arpa udp
US 38.175.201.167:9001 tcp
GB 181.215.32.162:443 tcp
US 8.8.8.8:53 162.32.215.181.in-addr.arpa udp
US 8.8.8.8:53 167.201.175.38.in-addr.arpa udp
N/A 127.0.0.1:50145 tcp
N/A 127.0.0.1:50147 tcp
N/A 127.0.0.1:50042 tcp
N/A 127.0.0.1:50042 tcp
N/A 127.0.0.1:50240 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50248 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:50042 tcp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
N/A 127.0.0.1:50042 tcp
N/A 127.0.0.1:50042 tcp
N/A 127.0.0.1:50654 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50662 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50042 tcp
N/A 127.0.0.1:50042 tcp
N/A 127.0.0.1:50042 tcp
N/A 127.0.0.1:50954 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50962 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
US 8.8.8.8:53 131.72.42.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
N/A 127.0.0.1:50042 tcp
N/A 127.0.0.1:50042 tcp
N/A 127.0.0.1:50042 tcp
N/A 127.0.0.1:51259 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:51267 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:50042 tcp
N/A 127.0.0.1:50042 tcp
N/A 127.0.0.1:50042 tcp
N/A 127.0.0.1:51621 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:51629 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:50042 tcp
N/A 127.0.0.1:50042 tcp
N/A 127.0.0.1:50042 tcp
N/A 127.0.0.1:51888 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:51896 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50042 tcp
N/A 127.0.0.1:50042 tcp
N/A 127.0.0.1:50042 tcp
N/A 127.0.0.1:52166 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:52174 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI50762\python38.dll

MD5 26ba25d468a778d37f1a24f4514d9814
SHA1 b64fe169690557656ede3ae50d3c5a197fea6013
SHA256 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128
SHA512 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

C:\Users\Admin\AppData\Local\Temp\_MEI50762\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

\Users\Admin\AppData\Local\Temp\_MEI50762\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

\Users\Admin\AppData\Local\Temp\_MEI50762\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

\Users\Admin\AppData\Local\Temp\_MEI50762\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

\Users\Admin\AppData\Local\Temp\_MEI50762\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

C:\Users\Admin\AppData\Local\Temp\_MEI50762\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

C:\Users\Admin\AppData\Local\Temp\_MEI50762\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

C:\Users\Admin\AppData\Local\Temp\_MEI50762\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

C:\Users\Admin\AppData\Local\Temp\_MEI50762\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI50762\top-1m.csv

MD5 ba0857be5e9736dde1f5cc44edd5d21b
SHA1 b130759907909cc97bfe0d9a1fd65b8942c931aa
SHA256 7800cdef850c31931b2b520a42f858c4feb5ca86d6b3789e6173a02e909595ca
SHA512 08446902bc588e323b8fc551502ff869be6c2bb64f788d1bebfcc30a04c3e589b0616e84fc55de3d81d7b19b26e690024a442e6a27096808bc613bcecf3f6db4

C:\Users\Admin\AppData\Local\Temp\_MEI50762\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

C:\Users\Admin\AppData\Local\Temp\_MEI50762\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI50762\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI50762\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI50762\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI50762\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

C:\Users\Admin\AppData\Local\Temp\_MEI50762\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

C:\Users\Admin\AppData\Local\Temp\_MEI50762\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\tmpvv2r_k8k\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 47539d0337e97e22a728afc2638d461f
SHA1 d97b37079543b33b9b605c787945f809aed66fd6
SHA256 262e52c5bbaa9bcd2dfcb4cf7da83a1efa95ebd0299f82031ad31a6ab19405a5
SHA512 3810ebe80173d41785a42459fc5c4a8a31e56294f2c03fe99416925a34d242b88023565057201c9b6dcbdb97c8396d8305a723c0e31bb5b560b031b299672d4a

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\_MEI50762\geckodriver.exe

MD5 f60c542253cbe94f762e15c7b064b55d
SHA1 7a32f034217266db6d799893edc976e891a82944
SHA256 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa
SHA512 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca

\Users\Admin\AppData\Local\Temp\_MEI50762\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

\Users\Admin\AppData\Local\Temp\_MEI50762\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

C:\Users\Admin\AppData\Local\Temp\_MEI50762\Tor Browser\Browser\firefox.exe

MD5 65aa9b0f57d72e4d70e9226322221adc
SHA1 85fec174d0977afd8c0100c9d9b53c958e1949bf
SHA256 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410
SHA512 f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 80e882ce8268212cf4db9fbe44f95336
SHA1 85abc152168a20d8db2c6501aa43a97ea72efc8c
SHA256 32c7fa19bdf922f35368bbda1fd91b30fae89f7e8615c8224901e4e3454ee937
SHA512 eb6fc2086c0c5b1e2207c675e49713961246559ade42f65f5e1d51e6139e503eacceaa57542664f7161dc320df0403d90bc85e499aa2d0f09c4a3d4236920cd5

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileBNbqKa\extensions.json

MD5 d83ea73064e17df1483c122195d83ca7
SHA1 9169257133f6633477b25fc897a9e066505d60e3
SHA256 2ad7fca21543ced8739642cb388e49ec0d38a617f811fd7cf52036b0640dc7a3
SHA512 ac09215a2423f950a2ba9023947855ee7b9c433558300bf4184c59f019b055164b6905dcafc83b142d8fe63e8e48a40bb0d606fd9aaa86805b03bbaa2f9ae859

memory/4452-533-0x0000021D9FFC0000-0x0000021D9FFD0000-memory.dmp

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 51e9e9102d39163379ff7277217ca03a
SHA1 c16187785a3866faaf3b949468ff6742e6975052
SHA256 edb768688dbc5146b3f9e2e97bbc1861107cc4008ea6feb5b8ed1553bce45560
SHA512 7ad859648c0b45969d13f8192a62c348bc9be87259bd39edff1b55956f9262a705bf5cbe9125b39ecb317b5f1b9240b16bea3b622ad56bdcc35de6697cd483b7

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileBNbqKa\prefs-1.js

MD5 c0436d873c4b9d9f9165d19405822665
SHA1 4b04242dc434dd91845e253954792c82d94264b9
SHA256 6a3bbdf89c7c0165b1aa11a7929081b5f2425d2c242b14c1d478b51d84f42bed
SHA512 7e1e3d5327fae9a6b898f94ba8c9229417f580b6102fc6723b91ffb16378bef37ac28d2bc5ee19aa902d0f01567d54f10e68aaabd8e4d488fb30055a9349eec7

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileBNbqKa\prefs-1.js

MD5 5a15aa57fbc61378aa7103c407f9d6c5
SHA1 88782bd428057f84fa08520e3b4ed1ee61314f66
SHA256 d77c83682e67973b43c040d5d0744c2c490f8a96140c2086acf274159fe4ea98
SHA512 9f82b8551c9b29223ad471b25458109249d6f7ae2c87fc5f9af9fcc1986e4a0afbd43cacd2f4427202a03e040acb2290c5e6e94ecb068b15bdf045890d1a3515

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelUbEc7\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelUbEc7\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelUbEc7\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelUbEc7\startupCache\webext.sc.lz4

MD5 1b799cc5b6cf681cfa54d37c8ce8cb06
SHA1 2f0fae44eb2fe74542df923e37f0c7e23a74fd17
SHA256 ce654b3257aec215ee980682aa6a48628dac50252a09301efe8686ff3f406a03
SHA512 10263e878623c9375095f150a83e5fe42fb5feccea139e107d37b2337f0c68c4f8a47952247d7e8517876a12dcd696202b8ecdf115577c0e416a489a280451d3

memory/6136-915-0x0000017AF67E0000-0x0000017AF6950000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelUbEc7\prefs-1.js

MD5 4da8e77eb4c4e86d0fdcafa2acc2a174
SHA1 b1b67d1265aa2184f4aee6a738e7e07e86e6b1e0
SHA256 2e6536d156552ef63a87e7c76d6c1f602db96a8345441c0682fff7a037ac3c62
SHA512 dff9360452cd054944f0a27c002a76f6ab3c151118b8d660124a63ee887e9bc7468c0bc6cffd94eebef1cab47686837a802e9c85848f710c566fb5c82588646a

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelUbEc7\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelUbEc7\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelUbEc7\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelUbEc7\sessionCheckpoints.json.tmp

MD5 29ce37dc02c78bbe2e5284d350fae004
SHA1 bab97d5908ea6592aef6b46cee1ded6f34693fa2
SHA256 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693
SHA512 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelUbEc7\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelUbEc7\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenFu5q4\user.js

MD5 736db8c9b955f72129a6644a9c797093
SHA1 59f1c80c407e27ffe85407a82f7b7250c5ee3753
SHA256 668694ca0485bfb77e7049bad327ba3f83534f31c1d50744f227c996eab4097f
SHA512 9916d339304272357ff56976bfcb9fd2d607ccbaa33dc40b88618c9ae31833923d3f2e8288cfc1f0090da90803b5e07404c41182155db2d2345df6f63020f217

memory/1120-1134-0x000001A1F3DA0000-0x000001A1F3DB0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenFu5q4\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenFu5q4\prefs-1.js

MD5 2566090075850c6af15474e23d441cd3
SHA1 f1d8794624333ab98052ac797b0805f1256bbba7
SHA256 c6b0624d67861e79f549e977adfc6cc03ef095ec5ca0a6eb3c9f7956c52af269
SHA512 a82f99627df1372ca74a01a5c39a42815ff8eda9b89748dfe4a48a3e55257213cf8a61cef2541b8a5786d9d509bfa0d0121a91b67dd25684c02866076be38a41

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenFu5q4\prefs-1.js

MD5 1b632e9576243c803ed50de8011c2d66
SHA1 4994173c07e2a0ec3398ad4d770c6b12a83e17c0
SHA256 6d720f57b591abe1dab5940fa48aa99dfc999fe52c1c0d3a093dcfd10067122b
SHA512 7efeabe90b83c83f468aed555c3decd3559759200c7ac2ffc7262289d9b0741d50bfbff9f427617ecaff485613d30d1fd1399d1d184dc7ec27ed151e2cb5a68f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenFu5q4\prefs.js

MD5 7601ca1dc56d34985bf809f8138881a2
SHA1 911b92a9c7fdc92b63d046ae1e7aed0627869686
SHA256 8c3f04504032bad9409cad3cdc988cac876a26ab32886861980e4ba19beaf5b1
SHA512 303a5e292d07411baf26bf48200adfdd7aa496b268377ff0e9aef785c78d384ee4d8e7d6eee45eab6fb336f13c8b8220e5d82356e05ca2dd1bba5ad3b22c9ac2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenFu5q4\datareporting\glean\db\data.safe.tmp

MD5 63b1bb87284efe954e1c3ae390e7ee44
SHA1 75b297779e1e2a8009276dd8df4507eb57e4e179
SHA256 b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a
SHA512 f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895

memory/4516-1409-0x0000011EF8C00000-0x0000011EF8C10000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVZyCh1\prefs-1.js

MD5 b52dde7ec7f55bead63e67edae476328
SHA1 1cd67598d867a308b1a1387250fea1157bec8058
SHA256 f124661f79cc4c4921f61eda0888a8df63825420c36e69e7158f2667643a73cc
SHA512 f42f7f4312cac8610038ead8d51fe1c57b26d2b08642a562458ff9b85648aca5aaba2b769305c8bf5dfa0b293deefa9950e8d66fbd34226f37a571b6370cddaa

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVZyCh1\prefs-1.js

MD5 e9a6ae742291604491bc66d8ad02658f
SHA1 109def425655229169cb1db8bce94a37bd021626
SHA256 7fe5f7e93318bd1b0b842584753b75dbca13769769727d7177710e0c0014e9a8
SHA512 2cbd35049577f6bcad09c7e6e980946107481aac94404409ab693b1be37c0ee8128f1957f92638132ef5973d5ab5aafa875b9411daf9a9f2d22caee96ecf1eb3

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVZyCh1\datareporting\glean\db\data.safe.tmp

MD5 1c3c58f7838dde7f753614d170f110fc
SHA1 c17e5a486cecaddd6ced7217d298306850a87f48
SHA256 81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d
SHA512 9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileS0y3vM\compatibility.ini

MD5 3cd014bd7c707512bdc36efca4c5e9eb
SHA1 db7d8302e43e7f0bcc7960d70c5a51e823a0ef9c
SHA256 b2caa665590e0dcfa9dd288cd539c0592ff33e7037bb33531e9b2d535514e784
SHA512 fa503c511f9a0a8152cc1d274b6c98c91a6c871c794bb7a4ceb71dc946d760df770da798e9542f2f92b52c964c8fc0764c7fc40ed3bfef034ab90dedf0100a77

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileS0y3vM\WebDriverBiDiServer.json

MD5 9a67ae82d235120f39c697257eadfebf
SHA1 a82d5409dbda1f3c5d69b7d2c298c0f4a2afb34f
SHA256 2f18d89da280aa8b6b54c71f381d916d2b0737030bf45e4dcaea1fea553bf325
SHA512 eb3657be34dc5297986b65283b1610a663834b394e84798f7090a4cc81da9aee0fc6016dceda7da9cffd820d80b6bd2ba9d13683ec983e8325ef4786fbb03506

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileS0y3vM\datareporting\glean\db\data.safe.tmp

MD5 7d3d11283370585b060d50a12715851a
SHA1 3a05d9b7daa2d377d95e7a5f3e8e7a8f705938e3
SHA256 86bff840e1bec67b7c91f97f4d37e3a638c5fdc7b56aae210b01745f292347b9
SHA512 a185a956e7105ad5a903d5d0e780df9421cf7b84ef1f83f7e9f3ab81bf683b440f23e55df4bbd52d60e89af467b5fc949bf1faa7810c523b98c7c2361fde010e

memory/4024-1685-0x00000118D8770000-0x00000118D8780000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileS0y3vM\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 139fc2f2fb0cb2af2f15228e454bac04
SHA1 65a80dda15ebc3a29c350e31b4ff7ce1ddca7762
SHA256 323235aeda6c68beec9f901afc73a34dc75d0fd5fbabd27c2fbcb0a9f3569334
SHA512 8448f669970c83b167edca46bb8b2237fa0c15108b639fab12e51866d662d33b3cf88f8ba100c69430836ce0b19db76c150fe35dbcfe32940f043eb6ba4092f3

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileS0y3vM\prefs-1.js

MD5 acc68bfef97cc3eab36ea25b69c5c3aa
SHA1 f86ae567ff040bbbfd3c5c9b5d09ffb55b91574e
SHA256 3b537973781da3417559f8d85d9fcdfcd49e46901452cc76ccb3cbfa35baa710
SHA512 ffa0e8875075081208f4d9827ecab6de3ca4f3f04983b886fc634610880378384d0fd84c05d1eac3e2f55924e5d00f20b108e79e0e3c715d114b4dab6bd68881

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileS0y3vM\storage-sync-v2.sqlite

MD5 bff4d6361e4126d963ab7dffdc7550ce
SHA1 e2660c2f00b0aef4a81972c6a6093935d5aa40d5
SHA256 ad0828e5ff9d4188151772cd9af85827a431d122901486590c5734b62b4af2d2
SHA512 8d967c085d343d50a76cf14e88ed2fb742a7195034ddbaacd57d2c47abf0218a5f6878528a8f37c8f3b61496f61b5e254d205003af87a3cf156ba12ea59f65bc

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileS0y3vM\content-prefs.sqlite

MD5 b15425d1f21f5708184e35493e63c8a1
SHA1 e944c1fdf56a3f6a5150b77980e89d48c7b57be2
SHA256 7a9012d1846763fe9dcb059035972a023ec29f2b9c03f865f0a6f6df6ef2a6c0
SHA512 6b54e30e0a060261bdac98ef818d1053fbabf0d6b8a17efc729942729ed6e6dddb29063b079ddb1dcd1b4edfc85a0311cf821b4b3291372c834a00733456423f

memory/5668-1927-0x000002B8C4240000-0x000002B8C4250000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHMU3Dj\prefs-1.js

MD5 c027656c62e9fbd2c6ea1b0f451b576d
SHA1 18db21becd8164a54f8f48d169945a33d59c3ac8
SHA256 29a83a8b9c5b43e7f3e39a13d5d1c4f5b56dac8ece78e8d2f73404bfa02fcaf4
SHA512 1cdd0855a58999f0b13620a2e9577bf5b4382eca051cf5f52d8390d0ea04f5ba76b0e791cf743430c9cd4761999e978a2b8a4d2c1af20ff51e92220aaac1f371

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHMU3Dj\datareporting\glean\db\data.safe.tmp

MD5 c58234a092f9d899f0a623e28a4ab9db
SHA1 7398261b70453661c8b84df12e2bde7cbc07474b
SHA256 eaec709a98b57cd9c054a205f9bfa76c7424db2845c077822804f31e16ac134c
SHA512 ae2724fc45a8d9d26e43d86bcc7e20f398d8ab4e251e89550087ace1311c4d2571392f2f0bed78da211fcb28766779c1853b80742faa69f722b2c44c283569fd

memory/4900-2173-0x0000029F990F0000-0x0000029F99100000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMXfwJh\prefs-1.js

MD5 8de63ca9e5304fab832f228ca6108b81
SHA1 83d81abd7647c5838c8da0b66b094086fce143b7
SHA256 abdcb56f6ec3e3220927e73b1f7cbe916b052683e133dad389e728d9b814ff83
SHA512 1cc92562a262fc39da0729ba8b0b9ede68e6655b30553f696a070e21353c44460c1e1da6c60894ce71a923354417b8c6d32f468ae694a5fb8390159e6eda957c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMXfwJh\prefs-1.js

MD5 788f921d25f0d5542771d679c2fe4616
SHA1 bc68a754f42f2b14bc8b3077fd2410dbdf20b976
SHA256 018d01d8477a7a20adfd8731684a2bd63e9fa868b233dda32e68ead6b6fc9955
SHA512 2b61f9294b611ab7942d4efa5aebb85232b7b55cb7b218d4863017d71eff616160a837f3dfbbfa7d5efeda2f415dd9ef30ed3741e9e5179bc040dc3cc055387c

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-09 01:55

Reported

2024-05-09 02:07

Platform

win10v2004-20240508-en

Max time kernel

294s

Max time network

309s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1676 wrote to memory of 4120 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 1676 wrote to memory of 4120 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 4120 wrote to memory of 4108 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 4120 wrote to memory of 4108 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 4120 wrote to memory of 4788 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 4120 wrote to memory of 4788 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 4108 wrote to memory of 4292 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 4108 wrote to memory of 4292 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 4120 wrote to memory of 1212 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\geckodriver.exe
PID 4120 wrote to memory of 1212 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\geckodriver.exe
PID 1212 wrote to memory of 1752 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe
PID 1212 wrote to memory of 1752 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe
PID 1752 wrote to memory of 3264 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe
PID 1752 wrote to memory of 3264 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe
PID 1752 wrote to memory of 3264 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe
PID 1752 wrote to memory of 3264 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe
PID 1752 wrote to memory of 3264 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe
PID 1752 wrote to memory of 3264 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe
PID 1752 wrote to memory of 3264 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe
PID 1752 wrote to memory of 3264 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe
PID 1752 wrote to memory of 3264 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe
PID 1752 wrote to memory of 3264 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe
PID 1752 wrote to memory of 3264 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe
PID 3264 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe
PID 3264 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe
PID 3264 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe
PID 3264 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe
PID 3264 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe
PID 3264 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe
PID 3264 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe
PID 3264 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe
PID 3264 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe
PID 3264 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe
PID 3264 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe
PID 3264 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe
PID 3264 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe
PID 3264 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe
PID 3264 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe
PID 3264 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe
PID 3264 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe
PID 3264 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe
PID 3264 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe
PID 3264 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe
PID 3264 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe
PID 3264 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe
PID 3264 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe
PID 3264 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe
PID 3264 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe
PID 3264 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe
PID 3264 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe
PID 3264 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe
PID 3264 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe
PID 3264 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe
PID 3264 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe
PID 3264 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe
PID 3264 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe
PID 3264 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe
PID 3264 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe
PID 3264 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe
PID 3264 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe
PID 3264 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe
PID 3264 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe
PID 3264 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe
PID 3264 wrote to memory of 4000 N/A C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI16762\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI16762\geckodriver.exe --port 49458 --websocket-port 49459

C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49459 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileaHuexS

C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49459 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileaHuexS

C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe" -contentproc --channel="3264.0.1830746952\1723027362" -parentBuildID 20240416150000 -prefsHandle 1660 -prefMapHandle 1652 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\browser" - {06a7e4ef-8394-47df-aa7d-9a5b68a6e8e4} 3264 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe" -contentproc --channel="3264.1.960299718\1975676863" -childID 1 -isForBrowser -prefsHandle 2700 -prefMapHandle 2696 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1228 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\browser" - {feb84d23-b6e2-41f3-9bb1-27038393b827} 3264 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe" -contentproc --channel="3264.2.1040003507\1215217650" -childID 2 -isForBrowser -prefsHandle 3216 -prefMapHandle 3212 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1228 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\browser" - {4cae7caa-fc8e-4be5-a482-5da2031262d6} 3264 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe" -contentproc --channel="3264.3.19045231\1259092946" -childID 3 -isForBrowser -prefsHandle 3464 -prefMapHandle 3440 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1228 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\browser" - {14ad15f4-94cf-482f-bddb-c8517b9c8a1e} 3264 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe" -contentproc --channel="3264.4.1165047259\815210096" -childID 4 -isForBrowser -prefsHandle 3712 -prefMapHandle 3388 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1228 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\browser" - {e9efae2d-6222-449f-bc0b-8df93e1f0978} 3264 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe" -contentproc --channel="3264.5.764080560\1366790055" -childID 5 -isForBrowser -prefsHandle 3500 -prefMapHandle 3484 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1228 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\browser" - {6562fc0b-00bb-4a9c-9005-8888501eaa4d} 3264 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe" -contentproc --channel="3264.6.470532591\450847306" -childID 6 -isForBrowser -prefsHandle 3844 -prefMapHandle 3868 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1228 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\browser" - {8c32b251-17e3-47a9-bd9e-bbd81fa8ec7d} 3264 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe" -contentproc --channel="3264.7.472922738\844216686" -childID 7 -isForBrowser -prefsHandle 1432 -prefMapHandle 4764 -prefsLen 25491 -prefMapSize 245849 -jsInitHandle 1228 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\browser" - {f899be9b-a3b4-44fc-b82f-de0905397426} 3264 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe" -contentproc --channel="3264.8.17664426\1101849330" -childID 8 -isForBrowser -prefsHandle 4404 -prefMapHandle 4256 -prefsLen 25491 -prefMapSize 245849 -jsInitHandle 1228 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\browser" - {f651059f-6b1a-477c-a068-58a96adac637} 3264 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe" -contentproc --channel="3264.9.179969382\897889985" -parentBuildID 20240416150000 -prefsHandle 4884 -prefMapHandle 4860 -prefsLen 27675 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\browser" - {28d803df-939e-4f24-9a6b-a8809d0bb9d1} 3264 rdd

C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe" -contentproc --channel="3264.10.74660809\986326091" -parentBuildID 20240416150000 -sandboxingKind 1 -prefsHandle 4752 -prefMapHandle 4572 -prefsLen 27675 -prefMapSize 245849 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\browser" - {7d06e82f-e0b7-4d02-b36a-e26702a71798} 3264 utility

C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe" -contentproc --channel="3264.11.720147486\805826781" -childID 9 -isForBrowser -prefsHandle 8876 -prefMapHandle 4880 -prefsLen 25535 -prefMapSize 245849 -jsInitHandle 1228 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\browser" - {bfde1a98-f88f-482b-833f-f885d8a15435} 3264 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16762\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI16762\geckodriver.exe --port 49458 --websocket-port 49459

C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49459 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileo1VIhG

C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49459 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileo1VIhG

C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2448.0.814419373\1237821454" -parentBuildID 20240416150000 -prefsHandle 1668 -prefMapHandle 1660 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\browser" - {a28402ab-18b2-46d5-aeea-17bf500ebccd} 2448 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2448.1.1235037556\1466136128" -childID 1 -isForBrowser -prefsHandle 2708 -prefMapHandle 2868 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\browser" - {2235e2e1-73dc-457b-a76c-0765e85e72b9} 2448 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2448.2.1134528528\257534424" -childID 2 -isForBrowser -prefsHandle 3192 -prefMapHandle 3188 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\browser" - {fa1ab9b1-d3c0-48b6-94c6-d1c69dbf4396} 2448 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2448.3.558974338\1861814058" -childID 3 -isForBrowser -prefsHandle 3316 -prefMapHandle 3328 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\browser" - {a606a253-442b-4443-95ad-819702442f24} 2448 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2448.4.1233709321\356404988" -childID 4 -isForBrowser -prefsHandle 3804 -prefMapHandle 3808 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\browser" - {910fc5e2-9113-44c1-a5bd-34a05846cf27} 2448 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2448.5.1497389295\408357906" -childID 5 -isForBrowser -prefsHandle 3792 -prefMapHandle 3772 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\browser" - {424c18f5-f77b-4af5-85be-7895b17e4510} 2448 tab

C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2448.6.2105692364\2028237135" -childID 6 -isForBrowser -prefsHandle 4060 -prefMapHandle 4064 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\browser" - {457da87e-cd9d-4c3f-9372-46dd27d3d766} 2448 tab

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
BE 2.17.196.177:443 www.bing.com tcp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 177.196.17.2.in-addr.arpa udp
BE 2.17.196.177:443 www.bing.com tcp
LU 107.189.5.7:9100 tcp
US 8.8.8.8:53 7.5.189.107.in-addr.arpa udp
N/A 127.0.0.1:49538 tcp
N/A 127.0.0.1:49542 tcp
N/A 127.0.0.1:49458 tcp
MD 45.93.9.212:443 tcp
CH 213.144.135.21:9001 tcp
US 8.8.8.8:53 21.135.144.213.in-addr.arpa udp
US 8.8.8.8:53 212.9.93.45.in-addr.arpa udp
N/A 127.0.0.1:49458 tcp
N/A 127.0.0.1:49673 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:49681 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:49458 tcp
N/A 127.0.0.1:49458 tcp
N/A 127.0.0.1:49458 tcp
N/A 127.0.0.1:50247 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50255 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI16762\python38.dll

MD5 26ba25d468a778d37f1a24f4514d9814
SHA1 b64fe169690557656ede3ae50d3c5a197fea6013
SHA256 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128
SHA512 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

C:\Users\Admin\AppData\Local\Temp\_MEI16762\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\_MEI16762\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

C:\Users\Admin\AppData\Local\Temp\_MEI16762\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

C:\Users\Admin\AppData\Local\Temp\_MEI16762\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Local\Temp\_MEI16762\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

C:\Users\Admin\AppData\Local\Temp\_MEI16762\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

C:\Users\Admin\AppData\Local\Temp\_MEI16762\geckodriver.exe

MD5 f60c542253cbe94f762e15c7b064b55d
SHA1 7a32f034217266db6d799893edc976e891a82944
SHA256 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa
SHA512 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca

C:\Users\Admin\AppData\Local\Temp\_MEI16762\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

C:\Users\Admin\AppData\Local\Temp\_MEI16762\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

C:\Users\Admin\AppData\Local\Temp\_MEI16762\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

C:\Users\Admin\AppData\Local\Temp\_MEI16762\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI16762\top-1m.csv

MD5 ba0857be5e9736dde1f5cc44edd5d21b
SHA1 b130759907909cc97bfe0d9a1fd65b8942c931aa
SHA256 7800cdef850c31931b2b520a42f858c4feb5ca86d6b3789e6173a02e909595ca
SHA512 08446902bc588e323b8fc551502ff869be6c2bb64f788d1bebfcc30a04c3e589b0616e84fc55de3d81d7b19b26e690024a442e6a27096808bc613bcecf3f6db4

C:\Users\Admin\AppData\Local\Temp\_MEI16762\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

C:\Users\Admin\AppData\Local\Temp\_MEI16762\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

C:\Users\Admin\AppData\Local\Temp\_MEI16762\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

C:\Users\Admin\AppData\Local\Temp\_MEI16762\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

C:\Users\Admin\AppData\Local\Temp\_MEI16762\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI16762\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI16762\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI16762\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI16762\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 47539d0337e97e22a728afc2638d461f
SHA1 d97b37079543b33b9b605c787945f809aed66fd6
SHA256 262e52c5bbaa9bcd2dfcb4cf7da83a1efa95ebd0299f82031ad31a6ab19405a5
SHA512 3810ebe80173d41785a42459fc5c4a8a31e56294f2c03fe99416925a34d242b88023565057201c9b6dcbdb97c8396d8305a723c0e31bb5b560b031b299672d4a

C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 80e882ce8268212cf4db9fbe44f95336
SHA1 85abc152168a20d8db2c6501aa43a97ea72efc8c
SHA256 32c7fa19bdf922f35368bbda1fd91b30fae89f7e8615c8224901e4e3454ee937
SHA512 eb6fc2086c0c5b1e2207c675e49713961246559ade42f65f5e1d51e6139e503eacceaa57542664f7161dc320df0403d90bc85e499aa2d0f09c4a3d4236920cd5

C:\Users\Admin\AppData\Local\Temp\_MEI16762\Tor Browser\Browser\firefox.exe

MD5 65aa9b0f57d72e4d70e9226322221adc
SHA1 85fec174d0977afd8c0100c9d9b53c958e1949bf
SHA256 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410
SHA512 f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

memory/4460-492-0x00007FFA90F10000-0x00007FFA90F11000-memory.dmp

memory/4460-491-0x00007FFA912B0000-0x00007FFA912B1000-memory.dmp

memory/4948-517-0x000001F64B600000-0x000001F64B6AD000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileaHuexS\prefs.js

MD5 5170af22f388665f5392b95a0e8b58d4
SHA1 9c9e72777fca9054b62d95bca2efd68df3e62af6
SHA256 cce83dacb6141005d3cb7f2a19dcfa4d69327d68327a1e63d25e6ca55e312d2f
SHA512 22ffe4386c5ed135ee6b79429443f0b60fbcc95c771c67143938703956e18fd465e7fc221a45ed5eba7d7ef3aa0a320d9e4b17141c5eec9776649b427fcbfaac

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileaHuexS\extensions.json

MD5 e5e0fb65225977157f4a240b263ea79f
SHA1 05381cd19713965a0d136618a8a66f4c889a4c5d
SHA256 59337e6a99a5b42bacce9737aef0511c9507ad0a2b7935c9574a1ed6f706996a
SHA512 4a9dc8178461758f4dbbbd1ad1e8e8b445b4f7e5a97eab5353a1b373e273d599b878c7eafcb58ebe02f5273686d6ddb3fc5260828a52c5ac7b2b3a49663130ed

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 99d9bdc5a0a9a0c9e68b89adf6d0fa1b
SHA1 49ff01c7107f7058608418ffe66c8758c7f2c1a5
SHA256 666edec3ca1572adf6256f15c56445b7a9220ee08b8eb59f4f7e52e364fef607
SHA512 662c111a82c955a27db07657b831273b1d57fac370f4c126e64459c80af3238386251526ae6951db4606bda497849e133cc4b825a1bf06758f3d9cd6e0b9a74b

memory/4460-606-0x0000018600410000-0x00000186004BD000-memory.dmp

memory/3252-623-0x0000023A5AB00000-0x0000023A5ABAD000-memory.dmp

memory/4444-624-0x0000015460400000-0x00000154604AD000-memory.dmp

memory/5040-622-0x000001A73F5F0000-0x000001A73F69D000-memory.dmp

memory/1468-621-0x000002D955350000-0x000002D9553FD000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileaHuexS\prefs-1.js

MD5 25850f8c8dc92627e55eeab4f110ede6
SHA1 2bd8f4c9cf47b77e300a65c18773a9df1a731c30
SHA256 3e4c10a06de821b8a297c0e9ebf7e2634308b5b0bc34b3ce9f2c21001254111c
SHA512 01e0f73815505ea2fa1beabf64ced0485fa46ed6f47d4d0852539c2176f47809961ebb1b5e3ca697659fce03087ccab44a0207449adda727117d9a0afd7a65c6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileaHuexS\prefs-1.js

MD5 7b5feafb47db2864cc99776604017020
SHA1 a78e00ccea944f6790f77ba230e1d26642c47a6e
SHA256 43b671ffaf8d8f00ce0ff928e6e20782bc185f267708a4edae7e33c9c1b7efe2
SHA512 066ea5fbe11554c70cb96b36163f1f547bc6910a178ac6cfdcb204a9dd5d2c6b68a23728c5b8d429d324a64c9b6b4e29c5935cca44941509f8aaea6e04cd4972

memory/4184-706-0x000001C659500000-0x000001C6595AD000-memory.dmp

memory/5076-730-0x000001E87ABC0000-0x000001E87AC6D000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileaHuexS\prefs.js

MD5 968aa5d757a59b45b7c509893be272e3
SHA1 c44e521c514d6421362114970148b69d3b37c7b3
SHA256 28ff19353aca2b4453d749117866298fcf3dd6a28850527a913f85ab68f6a622
SHA512 148ecbf70e40b651e58ea7b38da7c74ff4c5e975b075019d49c8fbe8d621e27c31b60af78094ee9c77cd677c49b309f08e4227f7e383ec76bf457304bc45a8d0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileo1VIhG\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileo1VIhG\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileo1VIhG\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileo1VIhG\startupCache\webext.sc.lz4

MD5 1b799cc5b6cf681cfa54d37c8ce8cb06
SHA1 2f0fae44eb2fe74542df923e37f0c7e23a74fd17
SHA256 ce654b3257aec215ee980682aa6a48628dac50252a09301efe8686ff3f406a03
SHA512 10263e878623c9375095f150a83e5fe42fb5feccea139e107d37b2337f0c68c4f8a47952247d7e8517876a12dcd696202b8ecdf115577c0e416a489a280451d3

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileo1VIhG\prefs-1.js

MD5 92fcb4d33ec3c4915cb37addff5316e2
SHA1 fb7b3cec164a366caae63a9eef3650beb30b075d
SHA256 b65bb4ef4a23899fd38e31e52887325232d913dd1e700f44fcdb15e3953edd48
SHA512 4831b03b5a35a0f0142251a847b3fd08dc517dc8a08fadafe3d42b18511ebb6dfd795e26d9bab66fd64271a50856f0ba89d0d621c3447fbfab2e705bd78f47a6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileo1VIhG\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileo1VIhG\prefs-1.js

MD5 4f9933eb3d301ab99322605375b7ecd4
SHA1 3fcfec331fbf9e18df32fe0a236432ac69ea3a6c
SHA256 5e41e6177fba00bbcb07caa9b4de01b1529c4cdb70ff895c747cc402c3877f98
SHA512 68b072e3461b26028eb15b14fdf08a36663b6a3bf1900c71df9f55fee300f5ac1bfc07ded101d209636cb022799f970127c7462256e703240fe405c721b7f615