Malware Analysis Report

2025-06-15 20:35

Sample ID 240509-ccfwysca9x
Target heavy.exe
SHA256 88093c75834d60df3b4b6f4df642bb28dc749f4bd562f587fa8f9e30e97d3c5c
Tags
pyinstaller evasion trojan
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

88093c75834d60df3b4b6f4df642bb28dc749f4bd562f587fa8f9e30e97d3c5c

Threat Level: Shows suspicious behavior

The file heavy.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

pyinstaller evasion trojan

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Checks whether UAC is enabled

Enumerates physical storage devices

Detects Pyinstaller

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Checks processor information in registry

Modifies registry class

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-09 01:57

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-09 01:55

Reported

2024-05-09 02:07

Platform

win10-20240404-en

Max time kernel

300s

Max time network

300s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5084 wrote to memory of 4284 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 5084 wrote to memory of 4284 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 4284 wrote to memory of 4972 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 4284 wrote to memory of 4972 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 4284 wrote to memory of 1784 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 4284 wrote to memory of 1784 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 4972 wrote to memory of 4788 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 4972 wrote to memory of 4788 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 4284 wrote to memory of 3312 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\geckodriver.exe
PID 4284 wrote to memory of 3312 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\geckodriver.exe
PID 3312 wrote to memory of 1460 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe
PID 3312 wrote to memory of 1460 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe
PID 1460 wrote to memory of 1380 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe
PID 1460 wrote to memory of 1380 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe
PID 1460 wrote to memory of 1380 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe
PID 1460 wrote to memory of 1380 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe
PID 1460 wrote to memory of 1380 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe
PID 1460 wrote to memory of 1380 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe
PID 1460 wrote to memory of 1380 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe
PID 1460 wrote to memory of 1380 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe
PID 1460 wrote to memory of 1380 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe
PID 1460 wrote to memory of 1380 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe
PID 1460 wrote to memory of 1380 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe
PID 1380 wrote to memory of 368 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe
PID 1380 wrote to memory of 368 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe
PID 1380 wrote to memory of 368 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe
PID 1380 wrote to memory of 368 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe
PID 1380 wrote to memory of 368 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe
PID 1380 wrote to memory of 368 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe
PID 1380 wrote to memory of 368 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe
PID 1380 wrote to memory of 368 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe
PID 1380 wrote to memory of 368 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe
PID 1380 wrote to memory of 368 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe
PID 1380 wrote to memory of 368 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe
PID 1380 wrote to memory of 368 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe
PID 1380 wrote to memory of 368 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe
PID 1380 wrote to memory of 368 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe
PID 1380 wrote to memory of 368 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe
PID 1380 wrote to memory of 368 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe
PID 1380 wrote to memory of 368 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe
PID 1380 wrote to memory of 368 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe
PID 1380 wrote to memory of 368 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe
PID 1380 wrote to memory of 368 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe
PID 1380 wrote to memory of 368 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe
PID 1380 wrote to memory of 368 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe
PID 1380 wrote to memory of 368 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe
PID 1380 wrote to memory of 368 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe
PID 1380 wrote to memory of 368 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe
PID 1380 wrote to memory of 368 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe
PID 1380 wrote to memory of 368 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe
PID 1380 wrote to memory of 368 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe
PID 1380 wrote to memory of 368 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe
PID 1380 wrote to memory of 368 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe
PID 1380 wrote to memory of 368 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe
PID 1380 wrote to memory of 368 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe
PID 1380 wrote to memory of 368 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe
PID 1380 wrote to memory of 368 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe
PID 1380 wrote to memory of 368 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe
PID 1380 wrote to memory of 368 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe
PID 1380 wrote to memory of 368 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe
PID 1380 wrote to memory of 368 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe
PID 1380 wrote to memory of 368 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe
PID 1380 wrote to memory of 368 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe
PID 1380 wrote to memory of 368 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI50842\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI50842\geckodriver.exe --port 50041 --websocket-port 50042

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50042 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileyVVWMJ

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50042 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileyVVWMJ

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe" -contentproc --channel="1380.0.1806232360\1924176675" -parentBuildID 20240416150000 -prefsHandle 1492 -prefMapHandle 1480 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\browser" - {1be9fda4-15b2-45f2-abd7-fe1cc0e5fde7} 1380 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe" -contentproc --channel="1380.1.442611907\1080111274" -childID 1 -isForBrowser -prefsHandle 2320 -prefMapHandle 2228 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\browser" - {f7e59a66-1d61-4b08-8d5b-ac9d7fc1cb9b} 1380 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe" -contentproc --channel="1380.2.1472973081\894935327" -childID 2 -isForBrowser -prefsHandle 2964 -prefMapHandle 2960 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\browser" - {dc09ac8a-36dd-49a6-a8a1-4aea9239a328} 1380 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe" -contentproc --channel="1380.3.195725214\291940684" -childID 3 -isForBrowser -prefsHandle 3160 -prefMapHandle 3328 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\browser" - {cd961dcd-598c-4006-95af-d14910e37bf4} 1380 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe" -contentproc --channel="1380.4.358627953\1564528238" -childID 4 -isForBrowser -prefsHandle 2080 -prefMapHandle 2408 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\browser" - {538ef817-55dc-4f3a-9bd3-a35cbebcf060} 1380 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe" -contentproc --channel="1380.5.840625722\1434475533" -childID 5 -isForBrowser -prefsHandle 3864 -prefMapHandle 3868 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\browser" - {4646bc96-9a27-4c10-a761-32854d5a4520} 1380 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe" -contentproc --channel="1380.6.780638971\1506332735" -childID 6 -isForBrowser -prefsHandle 4044 -prefMapHandle 4048 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\browser" - {2fd562d0-fa92-446c-bc0e-eb68305931c3} 1380 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50842\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI50842\geckodriver.exe --port 50041 --websocket-port 50042

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50042 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9gj48S

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50042 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9gj48S

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe" -contentproc --channel="1076.0.1448682224\194047871" -parentBuildID 20240416150000 -prefsHandle 1488 -prefMapHandle 1480 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\browser" - {d2a3d003-3bd2-4be9-bb15-81c1791ba711} 1076 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe" -contentproc --channel="1076.1.1441691162\902959796" -childID 1 -isForBrowser -prefsHandle 2384 -prefMapHandle 2480 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1072 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\browser" - {776d6065-3f76-445b-acbb-9fcafc876974} 1076 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe" -contentproc --channel="1076.2.487907195\354215416" -childID 2 -isForBrowser -prefsHandle 3116 -prefMapHandle 3024 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1072 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\browser" - {440335e9-6983-4c38-9917-aa9251a0f772} 1076 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe" -contentproc --channel="1076.3.1976931579\961462560" -childID 3 -isForBrowser -prefsHandle 3148 -prefMapHandle 3164 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1072 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\browser" - {b03d1795-7379-466d-bdb4-4630b71302bd} 1076 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe" -contentproc --channel="1076.4.1221422375\805484040" -childID 4 -isForBrowser -prefsHandle 1348 -prefMapHandle 1356 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1072 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\browser" - {29417103-3a97-49cc-bd93-c4a1b083de25} 1076 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe" -contentproc --channel="1076.5.1524766276\629969248" -childID 5 -isForBrowser -prefsHandle 3776 -prefMapHandle 3772 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1072 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\browser" - {b1e0a310-11d7-4076-8a4f-23abce4f0013} 1076 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe" -contentproc --channel="1076.6.1577677780\1498768896" -childID 6 -isForBrowser -prefsHandle 3960 -prefMapHandle 3956 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1072 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\browser" - {b59b0bc9-a000-4807-adaa-7beeb0aec7a8} 1076 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50842\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI50842\geckodriver.exe --port 50041 --websocket-port 50042

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50042 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJmsger

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50042 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJmsger

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe" -contentproc --channel="3344.0.1390059492\354033349" -parentBuildID 20240416150000 -prefsHandle 1492 -prefMapHandle 1480 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\browser" - {4ea99b35-6230-4bb7-b609-9621720e0017} 3344 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe" -contentproc --channel="3344.1.1928138336\346049658" -childID 1 -isForBrowser -prefsHandle 2676 -prefMapHandle 2696 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\browser" - {217184c2-bb14-4b59-befa-ce5a7ce543c5} 3344 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe" -contentproc --channel="3344.2.1557860269\1519630985" -childID 2 -isForBrowser -prefsHandle 2924 -prefMapHandle 2920 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\browser" - {9429df52-c922-4dab-973a-269df6f4faaf} 3344 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe" -contentproc --channel="3344.3.1335261831\1421582006" -childID 3 -isForBrowser -prefsHandle 3596 -prefMapHandle 3600 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\browser" - {944cd4e2-bd10-4b60-9ffc-97e40bc9e3c8} 3344 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe" -contentproc --channel="3344.4.1421643050\6605282" -childID 4 -isForBrowser -prefsHandle 2944 -prefMapHandle 2956 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\browser" - {4fc0c9b6-b794-43a4-b232-14046fdff2a5} 3344 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe" -contentproc --channel="3344.5.999006509\602519082" -childID 5 -isForBrowser -prefsHandle 3308 -prefMapHandle 3304 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\browser" - {27cec1c7-acef-4c7f-8465-326c1f062bd1} 3344 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe" -contentproc --channel="3344.6.37209802\765928312" -childID 6 -isForBrowser -prefsHandle 2888 -prefMapHandle 3328 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\browser" - {70f06ce8-06e4-4597-9f27-faca1488bda1} 3344 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50842\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI50842\geckodriver.exe --port 50041 --websocket-port 50042

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50042 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelUTitf

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50042 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelUTitf

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe" -contentproc --channel="3480.0.318748491\1912138896" -parentBuildID 20240416150000 -prefsHandle 1464 -prefMapHandle 1456 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\browser" - {fb68610d-1f74-44c6-aa43-d8db422b83b0} 3480 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe" -contentproc --channel="3480.1.1549971699\1111648438" -childID 1 -isForBrowser -prefsHandle 2388 -prefMapHandle 2596 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\browser" - {ce542194-d60b-4e5a-ba80-b8ac03dc2e54} 3480 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe" -contentproc --channel="3480.2.1042162956\1434184777" -childID 2 -isForBrowser -prefsHandle 2972 -prefMapHandle 2968 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\browser" - {0553f16c-2db3-4b85-9ffa-b5e3a11516f8} 3480 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe" -contentproc --channel="3480.3.1454748665\873270849" -childID 3 -isForBrowser -prefsHandle 3320 -prefMapHandle 3296 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\browser" - {f41102a3-2a85-47d8-beb4-85db7f686176} 3480 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe" -contentproc --channel="3480.4.2036786990\1688272797" -childID 4 -isForBrowser -prefsHandle 3748 -prefMapHandle 1352 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\browser" - {5e4ed310-87bb-4a8e-91f7-60f17dc3078c} 3480 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe" -contentproc --channel="3480.5.796946308\1495971287" -childID 5 -isForBrowser -prefsHandle 2992 -prefMapHandle 2984 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\browser" - {a149052b-cd46-4a02-93f4-4a237a68a5e3} 3480 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe" -contentproc --channel="3480.6.901823452\167513637" -childID 6 -isForBrowser -prefsHandle 3864 -prefMapHandle 3868 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\browser" - {0eacddcf-1d3a-4e4a-930a-f770bb10a71f} 3480 tab

Network

Country Destination Domain Proto
US 199.249.230.159:443 tcp
DE 45.15.157.177:443 tcp
US 8.8.8.8:53 177.157.15.45.in-addr.arpa udp
DE 185.254.96.139:9000 tcp
DE 81.7.10.19:8080 tcp
DE 185.254.96.139:9000 tcp
DE 185.254.96.139:9000 tcp
DE 185.254.96.139:9000 tcp
N/A 127.0.0.1:50144 tcp
N/A 127.0.0.1:50146 tcp
N/A 127.0.0.1:50041 tcp
N/A 127.0.0.1:50041 tcp
N/A 127.0.0.1:50240 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50248 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
US 8.8.8.8:53 udp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
US 8.8.8.8:53 udp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50041 tcp
N/A 127.0.0.1:50041 tcp
N/A 127.0.0.1:50041 tcp
N/A 127.0.0.1:50554 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50562 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
US 8.8.8.8:53 131.72.42.20.in-addr.arpa udp
DE 184.174.38.53:9001 tcp
DE 81.7.10.19:8080 tcp
US 8.8.8.8:53 53.38.174.184.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
N/A 127.0.0.1:50041 tcp
N/A 127.0.0.1:50041 tcp
N/A 127.0.0.1:50041 tcp
N/A 127.0.0.1:50847 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50855 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50041 tcp
N/A 127.0.0.1:50041 tcp
N/A 127.0.0.1:50041 tcp
N/A 127.0.0.1:51144 tcp
N/A 127.0.0.1:51152 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp

Files

\Users\Admin\AppData\Local\Temp\_MEI50842\python38.dll

MD5 26ba25d468a778d37f1a24f4514d9814
SHA1 b64fe169690557656ede3ae50d3c5a197fea6013
SHA256 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128
SHA512 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

\Users\Admin\AppData\Local\Temp\_MEI50842\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

C:\Users\Admin\AppData\Local\Temp\_MEI50842\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Local\Temp\_MEI50842\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

\Users\Admin\AppData\Local\Temp\_MEI50842\libcrypto-1_1.dll

MD5 22f805d81bb63c361749aa058a2c2f3c
SHA1 721c3f519b4c8235d13805cf78433955b5762a94
SHA256 43740842e5fb5053106300fd1abc1eec7f8dc967331169ca7f866ebfda0f7cb3
SHA512 731727624516f2cd9d61ed7df0af1cd99b93a5047ad83e39a8aee7e9804f88482f1d486d0adb5b75c2cf05612dd566ddb7b8a4a4b49bd395cb298c7ed17de61e

\Users\Admin\AppData\Local\Temp\_MEI50842\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

\Users\Admin\AppData\Local\Temp\_MEI50842\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

\Users\Admin\AppData\Local\Temp\_MEI50842\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

\Users\Admin\AppData\Local\Temp\_MEI50842\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 539c0dcf91a5398eacf892e6f45faa1a
SHA1 71abb831fce501f8d0f765d638b632131db73c52
SHA256 73456efd35a10c83ee2f44c68db1c2b62be38cab4e50ecac16a87e682d9c68fb
SHA512 29675ee62c29134d2fa116b3a00527df3a17c967dca7db7f7763c45ea5c9f0376e702c444c1f21f23fdd9b4b384ba2c732b987ddff8ef3dd9c39af265a7dd967

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 7059cb49a731c42aeef63bffc59bf841
SHA1 04049b5711aa4a09c26f9dc8087caa8f16736942
SHA256 285573648093d3f2b829d447da3d4ada57e9e88e7bf901c2d072c5099e6ab461
SHA512 6709fbfd44f70a8af52aca1648fc2b971ffd5865bb6eea3f1f7550d1a8e4dd3ee918f56b8365220bf882fe5f3e1be5900702ee58d70959eb0bd98d26455e9190

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

C:\Users\Admin\AppData\Local\Temp\_MEI50842\geckodriver.exe

MD5 f60c542253cbe94f762e15c7b064b55d
SHA1 7a32f034217266db6d799893edc976e891a82944
SHA256 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa
SHA512 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca

\Users\Admin\AppData\Local\Temp\_MEI50842\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\tmpu2j0qx_l\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

\Users\Admin\AppData\Local\Temp\_MEI50842\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

C:\Users\Admin\AppData\Local\Temp\_MEI50842\top-1m.csv

MD5 0bb41c540a54e3fd2eee9689c7a4d23a
SHA1 40062442cb48102a1671749bed9e6cbb369284f0
SHA256 94b70bb532a798d6b732267e11a90de78b0a7dd3f8a41ecf1525f52fa8409c86
SHA512 3589975776e6cbfcf013e7461212676f6900c930347599e39fd102d37139e9636dce0577ec269d4dc90395c9f53936def2886dfef7fad938fc1a78dc3ed2015c

C:\Users\Admin\AppData\Local\Temp\tmpu2j0qx_l\webdriver-py-profilecopy\favicons.sqlite

MD5 dfa3a4ce64626cc3964d930ba7b9fdcf
SHA1 530ba947eb29f5e795c14025e3daab79b433a86e
SHA256 e4ba330d49ad29b868f5716e4d137f2cc141aabae38f598832b616a596183472
SHA512 1ec099138fbbdc0f01c25ee802467a3b994577a353fa995f4dc45182cca9b5703b98faa46da022af077f7dcb51a466775421e6bcac9d655d395a7f411061e0d3

C:\Users\Admin\AppData\Local\Temp\_MEI50842\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI50842\nss3.dll

MD5 fd012b8e98a8a2ca935c5bfd8583ed72
SHA1 3dd493a8c536cd5fdd0aa387488435fb342835dd
SHA256 19096ce19fc9d4144638bf2b0b2b02fb29e5f01cc85b9099c82a693349ae1d35
SHA512 f476139139cc770d0aceefbc687ed6a2397dff2ee7d255fd1432169ff3f29e94f337a2f2b0c6cd96887cdeb7a7ccf586b30b07d652de90850535e6379dc22f52

C:\Users\Admin\AppData\Local\Temp\_MEI50842\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI50842\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI50842\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

C:\Users\Admin\AppData\Local\Temp\_MEI50842\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI50842\Tor Browser\Browser\firefox.exe

MD5 65aa9b0f57d72e4d70e9226322221adc
SHA1 85fec174d0977afd8c0100c9d9b53c958e1949bf
SHA256 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410
SHA512 f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

\Users\Admin\AppData\Local\Temp\_MEI50842\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

\Users\Admin\AppData\Local\Temp\_MEI50842\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

C:\Users\Admin\AppData\Local\Temp\_MEI50842\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

\Users\Admin\AppData\Local\Temp\_MEI50842\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\_MEI50842\python38.dll

MD5 305f8ecac261934543c5215f16e6afdd
SHA1 3920f757f7d3d2c2cd97ce5adcecbcf218873984
SHA256 0b75e5e7d45c7d19d5a280e5c3cd296e2601cf378c37174df257e915d4ee244d
SHA512 9e64641cd7440ee3b3e07ac6aa536a22f9b0bc3684c26ce48462d1f180f0afa692a7f4608174199d91f9dd5665ef49ffafdd1d12d6605f4a896089262d31ef56

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileyVVWMJ\extensions.json

MD5 bc6a2b926765b9ebc1a8a29a86e3b533
SHA1 3e2b53a274ff3c584709dd021c6ee2631fda2774
SHA256 f797af589387c0d542e6145f1fd76439f3afcad8c7558224c9660ae1d3bebb63
SHA512 ac503ed0a1b9a3d825ddd19d7c791ba0445e6baa4be5c5a98d498e361d6f36b682ce7e5c6298895c53091dbc282e0aeb9aade2f1aad63c2a03f06b132dfa9a2e

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 80e882ce8268212cf4db9fbe44f95336
SHA1 85abc152168a20d8db2c6501aa43a97ea72efc8c
SHA256 32c7fa19bdf922f35368bbda1fd91b30fae89f7e8615c8224901e4e3454ee937
SHA512 eb6fc2086c0c5b1e2207c675e49713961246559ade42f65f5e1d51e6139e503eacceaa57542664f7161dc320df0403d90bc85e499aa2d0f09c4a3d4236920cd5

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 baf1df7b9cfd566c761694ed27b7bb0e
SHA1 1b174c66b394349c88c7080c4e3d15109f886a64
SHA256 ae038005ce9f11252e9d795f16a5684082dd07537625e3340177278a4887a93d
SHA512 a32d8effc9299d3ffc1588bd94527e17f6294fb0a7cc3fc64d2a9bfe7809a7da406288e6413948e1b1c8f21996f3853add593a4ee88cc99e29273e65e3130c41

memory/1380-572-0x0000029B16C20000-0x0000029B16C30000-memory.dmp

memory/1380-587-0x0000029B13AF0000-0x0000029B13C60000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileyVVWMJ\prefs-1.js

MD5 473dcfae9d05ee19e992621c19d23f79
SHA1 d872538cec44d7add6b63f9fa1fa9387d87e0fe8
SHA256 2e33d51a855c897426f3bc682b06771b9e96aaa94ef65a45d6e08bf575e40092
SHA512 0e26db52063d0c8a15ae93cfed609a80c6807b817088c81e8588c28ab4bf48b4f1b3ccd2acd119c72f7d72e3126adc3610bc8df602c8ffabccb648bf007670e2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileyVVWMJ\prefs-1.js

MD5 44d2e33c89e94be6e3c8594aebb4fd84
SHA1 5c6d41844057f3e29f97eb6b59c42deacdba6eef
SHA256 c6f285724628bcd9c01590683d57d1de463cf25e387ce729b1bd6a827c2062c3
SHA512 4b3b17359b5a41a674d0ea0a14d579d58c4c0e38e4e5faa2ddc3e6de490b6c99be1b0e52ab49d8a8699967fb742d0faa3df05731badc651bc7689b3fe4085ce9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9gj48S\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9gj48S\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

memory/1076-823-0x000001FC0BCF0000-0x000001FC0BD00000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9gj48S\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9gj48S\startupCache\webext.sc.lz4

MD5 ff400e5aafd462e018076d17213750eb
SHA1 ac4d04ead2984f64d55d4a71c1d0b2a089de53da
SHA256 be1ef7420949f013615ba48f8fb49413afd0b4c928faa6f176639cfcf419bd6c
SHA512 950401affd99fef58eeb42c3a4a27a9a34aaa4d60600fc94f14762ea70823542cdbb92316e2f9c3acf5aee081eb6026f990efcb74932d13027c3547ab7683b32

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9gj48S\prefs-1.js

MD5 f5b9fa1147e03eec8c6ad75b1426e96c
SHA1 16360fa4c4ca965921e703129ffb0c08df6c6887
SHA256 b391ecda034ba6fcd60f4f377f250278b81ee137c65a5523d56b5c332a72188d
SHA512 ee4e823daa3126092d2de5218efd96a484f4032a9063835a24e1a2c6b79fbf754bd14307ebf048147a95a9ca1012f708148a6f858c4ca3d8eb62f7096f0d5605

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9gj48S\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9gj48S\prefs-1.js

MD5 a9f6cd557420a1a35b7ba1ba2f99f439
SHA1 c2c9f21a7be79bb56aa644ab9191626e11e3a02b
SHA256 9f6453f81c2da1a75a46fd717f4cc298b085d921c804675b1a4f0348d22a22f0
SHA512 c25827a193bfc675a0713f93f09fbbe7412add3200c07e3960d878a7af2fadad0f8c949012c49e4f489c4a05c29c29ccf40168b3d513f4318608b71e52e1fa56

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9gj48S\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9gj48S\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9gj48S\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9gj48S\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJmsger\user.js

MD5 736db8c9b955f72129a6644a9c797093
SHA1 59f1c80c407e27ffe85407a82f7b7250c5ee3753
SHA256 668694ca0485bfb77e7049bad327ba3f83534f31c1d50744f227c996eab4097f
SHA512 9916d339304272357ff56976bfcb9fd2d607ccbaa33dc40b88618c9ae31833923d3f2e8288cfc1f0090da90803b5e07404c41182155db2d2345df6f63020f217

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJmsger\prefs-1.js

MD5 13efb2fc206c94cdf2b25a4cc5c3b44c
SHA1 370b549ca8072f796b6941e00db48dcc036412c2
SHA256 6177bd9a4f3e13cf6e2cc23ab4cef2bcb398fec3a4b73d3f686aea11a2044fe6
SHA512 a201e9b01898b3174463e537c4e7e50cb31aad64b236c0830a1a0a8ff2c0d74507c74199e832846029eb952304536c54bcc69a17832713b86e1cd4310a247bf5

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJmsger\datareporting\glean\db\data.safe.tmp

MD5 7d3d11283370585b060d50a12715851a
SHA1 3a05d9b7daa2d377d95e7a5f3e8e7a8f705938e3
SHA256 86bff840e1bec67b7c91f97f4d37e3a638c5fdc7b56aae210b01745f292347b9
SHA512 a185a956e7105ad5a903d5d0e780df9421cf7b84ef1f83f7e9f3ab81bf683b440f23e55df4bbd52d60e89af467b5fc949bf1faa7810c523b98c7c2361fde010e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJmsger\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJmsger\prefs-1.js

MD5 65b30242093bee1ace6948b2dc053863
SHA1 d5835f70be0ee520516a7c306367f2c7c2160dd2
SHA256 a01cf3aa3db89bd90a90f609a3c94bb453127dd536d5fdafacdbcdfb36df5ffb
SHA512 37f74745125af0f925760afcf59199af675f81ed7dfee59a49aabf54b03cf006bdd031bfa915b7caa589d120408575dd219d88ac9b212c78203f4c444b934025

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJmsger\prefs-1.js

MD5 a33558bd434cbec17ed62850b0979a1d
SHA1 a1300b0545823087f6089f5d789b198d77d3754c
SHA256 ae0fe48e8e1f546b7ae8534adea6b5ed312c47ecfbce0ef0497b2cad7ee165a5
SHA512 3bb1879b8d711f8dc4c0c4fc21b4e76d2f362e6c16018068cd46594ca8bb0e7075df435c5fc87e3c2e59067784263578f95ac86e2356fb0e3a51fc6bd1e0c598

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJmsger\prefs-1.js

MD5 8ff4202149e5f1f0478450ada8c49947
SHA1 eb0330d5256fb63dce74439e9ca3bd7fd049b2f0
SHA256 f3022febdf472108bdceb1d8e5f263ecb26baeb22f644d5fab151e7a687efa61
SHA512 9feb10bd118a5a8b44d3bc952201e8061cccf927f48ef3e7ad27d5be0d71b928af1c460358b3201be0f0b7b938ce087e9519fe53410cc4b8a83475ef8c136f12

memory/3480-1354-0x00000207BE0B0000-0x00000207BE0C0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelUTitf\datareporting\glean\db\data.safe.tmp

MD5 7fba44cb533472c1e260d1f28892d86b
SHA1 727dce051fc511e000053952d568f77b538107bb
SHA256 14fb5cda1708000576f35c39c15f80a0c653afaf42ed137a3d31678f94b6e8bf
SHA512 1330b0f39614a3af2a6f5e1ea558b3f5451a7af20b6f7a704784b139a0ec17a20c8d7b903424cb8020a003319a3d75794e9fe8bc0aeb39e81721b9b2fdb9e031

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-09 01:55

Reported

2024-05-09 02:07

Platform

win7-20231129-en

Max time kernel

289s

Max time network

304s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2364 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 2364 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 2364 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 2552 wrote to memory of 1148 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 2552 wrote to memory of 1148 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 2552 wrote to memory of 1148 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 2552 wrote to memory of 1504 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 2552 wrote to memory of 1504 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 2552 wrote to memory of 1504 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 1148 wrote to memory of 412 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 1148 wrote to memory of 412 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 1148 wrote to memory of 412 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 2552 wrote to memory of 2224 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe
PID 2552 wrote to memory of 2224 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe
PID 2552 wrote to memory of 2224 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe
PID 2224 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2224 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2224 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2836 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2836 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2836 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2836 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2836 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2836 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2836 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2836 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2836 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2836 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2836 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2836 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2492 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2492 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2492 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2492 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2492 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2492 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2492 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2492 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2492 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2492 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2492 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2492 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2492 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2492 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2492 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2492 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2492 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2492 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2492 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2492 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2492 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2492 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2492 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2492 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2492 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2492 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2492 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2492 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2492 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2492 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2492 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2492 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2492 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe
PID 2492 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe --port 49452 --websocket-port 49453

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49453 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile6W14PM

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49453 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile6W14PM

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2492.0.69920597\1509346074" -parentBuildID 20240416150000 -prefsHandle 1200 -prefMapHandle 1204 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {93dc74a6-5dca-4e4a-82e2-c462ac5228f5} 2492 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2492.1.1590431695\1824570180" -childID 1 -isForBrowser -prefsHandle 1932 -prefMapHandle 1924 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 816 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {c84feb41-ce53-480c-bfc9-a671266a6396} 2492 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2492.2.158754314\541705715" -childID 2 -isForBrowser -prefsHandle 2300 -prefMapHandle 2296 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 816 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {681e8e4f-33e8-46d1-a59a-e9834646e367} 2492 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2492.3.781803603\1199939408" -childID 3 -isForBrowser -prefsHandle 2564 -prefMapHandle 2440 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 816 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {9a5a7dcd-f5fc-4e89-b69d-8bdd3a74def7} 2492 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2492.4.1693531675\664951353" -childID 4 -isForBrowser -prefsHandle 2904 -prefMapHandle 2908 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 816 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {83da54e4-137b-477f-b448-86d8cbe3b6f5} 2492 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2492.5.322604939\301131853" -childID 5 -isForBrowser -prefsHandle 2932 -prefMapHandle 2936 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 816 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {7321387f-9028-4c37-84e7-e6f4e10fbe78} 2492 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2492.6.151430969\873510872" -childID 6 -isForBrowser -prefsHandle 3092 -prefMapHandle 3096 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 816 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {7f0693cc-4759-4b1d-b4f1-2121598fa1bc} 2492 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2492.7.1576532651\1131582269" -childID 7 -isForBrowser -prefsHandle 3428 -prefMapHandle 2872 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 816 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {9df0cbd6-4df2-429b-99c4-07d612e339c9} 2492 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe --port 49452 --websocket-port 49453

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49453 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilerEAfh8

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49453 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilerEAfh8

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="1116.0.7852329\20189762" -parentBuildID 20240416150000 -prefsHandle 1220 -prefMapHandle 1212 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {90b86590-6b25-46a6-81e9-de74e0f2d523} 1116 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="1116.1.1828820945\1278717054" -childID 1 -isForBrowser -prefsHandle 596 -prefMapHandle 2016 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {412a2e35-965c-498d-9c31-59711409e876} 1116 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="1116.2.281239194\1863201182" -childID 2 -isForBrowser -prefsHandle 1764 -prefMapHandle 1116 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {6dfa2f4e-aa26-4351-bea0-0b59ead29fc0} 1116 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="1116.3.1660151209\1241202514" -childID 3 -isForBrowser -prefsHandle 2536 -prefMapHandle 2456 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {c75b19c9-b500-4154-8cd9-5df964573d19} 1116 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="1116.4.1451062991\1599803501" -childID 4 -isForBrowser -prefsHandle 2820 -prefMapHandle 1080 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {7ebcf5e5-d816-419a-bebf-3d8e9a06241e} 1116 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="1116.5.452204525\346613182" -childID 5 -isForBrowser -prefsHandle 2932 -prefMapHandle 2936 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {f195feec-d8f7-4a40-89a5-054e3e73dd27} 1116 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="1116.6.468733572\1836103974" -childID 6 -isForBrowser -prefsHandle 3092 -prefMapHandle 3096 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {c5cf755e-c053-4a84-9f61-be80990c70ac} 1116 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="1116.7.1203546649\1598845329" -childID 7 -isForBrowser -prefsHandle 3332 -prefMapHandle 2380 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {3da4255d-2238-41b0-afa1-0d12508e5cd2} 1116 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe --port 49452 --websocket-port 49453

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49453 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile93QUy3

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49453 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile93QUy3

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2564.0.669703644\1089201290" -parentBuildID 20240416150000 -prefsHandle 1212 -prefMapHandle 1204 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {753dca9a-21aa-4e08-9c66-a7f5f3ead45d} 2564 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2564.1.1827524382\1474659186" -childID 1 -isForBrowser -prefsHandle 1660 -prefMapHandle 1648 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 860 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {c04b6869-e854-4645-9119-762e7e77ea62} 2564 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2564.2.1654094489\14860502" -childID 2 -isForBrowser -prefsHandle 2240 -prefMapHandle 2236 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 860 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {c0944ea5-4c78-41a4-a989-9640a6b2c702} 2564 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2564.3.1357169948\1659876501" -childID 3 -isForBrowser -prefsHandle 2316 -prefMapHandle 2256 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 860 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {90feb174-f362-4b07-9e4a-0babc1ef4a2d} 2564 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2564.4.777882808\565284019" -childID 4 -isForBrowser -prefsHandle 2476 -prefMapHandle 2608 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 860 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {1032b390-c5a7-4d9b-a722-0adb2511e77a} 2564 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2564.5.1956419916\2055243820" -childID 5 -isForBrowser -prefsHandle 2892 -prefMapHandle 2896 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 860 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {4a3a6cb6-b2b6-4ecd-ae39-7eb1723ab857} 2564 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2564.6.1436460857\1884996520" -childID 6 -isForBrowser -prefsHandle 2952 -prefMapHandle 2960 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 860 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {860fff7c-e9bf-4497-abc9-f8381dbcd6f4} 2564 tab

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\firefox.exe" -contentproc --channel="2564.7.1471636559\1393886325" -childID 7 -isForBrowser -prefsHandle 3348 -prefMapHandle 3352 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 860 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\browser" - {325a301a-518e-42fb-80ff-ea2006a58f0d} 2564 tab

Network

Country Destination Domain Proto
LU 104.244.79.122:443 tcp
NL 192.42.113.102:9001 tcp
SE 81.230.245.67:444 tcp
N/A 127.0.0.1:49505 tcp
N/A 127.0.0.1:49536 tcp
N/A 127.0.0.1:49452 tcp
N/A 127.0.0.1:49452 tcp
N/A 127.0.0.1:49654 tcp
N/A 127.0.0.1:49694 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:49452 tcp
N/A 127.0.0.1:49452 tcp
N/A 127.0.0.1:49452 tcp
N/A 127.0.0.1:50216 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50251 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:49452 tcp
N/A 127.0.0.1:49452 tcp
N/A 127.0.0.1:49452 tcp
N/A 127.0.0.1:50773 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50808 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI23642\python38.dll

MD5 26ba25d468a778d37f1a24f4514d9814
SHA1 b64fe169690557656ede3ae50d3c5a197fea6013
SHA256 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128
SHA512 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

\Users\Admin\AppData\Local\Temp\_MEI23642\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\_MEI23642\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

\Users\Admin\AppData\Local\Temp\_MEI23642\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

C:\Users\Admin\AppData\Local\Temp\_MEI23642\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

\Users\Admin\AppData\Local\Temp\_MEI23642\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

\Users\Admin\AppData\Local\Temp\_MEI23642\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

\Users\Admin\AppData\Local\Temp\_MEI23642\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 86f78270d33684e7d6e0064174e4a4ce
SHA1 f5dad63848bd72f57b7cef3a6c5b3d3f862e8f79
SHA256 5b5ff53489a2b6fedcc1ae624cdb6d9d9a8d57e667c09f56914717c137815680
SHA512 4e5d1a30c4029b78e09bd2ae133b3c0102d870a62eb759a957159c44c5765928931adb926afabfb73e02c6e72dcc7b6bc5be248a19330c3cc675d3953866e567

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

\Users\Admin\AppData\Local\Temp\_MEI23642\geckodriver.exe

MD5 f60c542253cbe94f762e15c7b064b55d
SHA1 7a32f034217266db6d799893edc976e891a82944
SHA256 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa
SHA512 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\tmpcpygl180\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 549e54a44c7326c30548c998a1d16424
SHA1 d4375f9ead356aff85d60375b08db168195d5089
SHA256 fb2df7a858dbfacbedb5ce100bc71dff2b1e1991b2d574c1d3d46701ceea5433
SHA512 7325a6d2ed8cf43c4665f2cda3f4f9578de7a87cf70178eff7e927bb8b58f0dceff4b4bf6029593ff64fab052718cf2da8228275580071de2d0fb77fcb4bb897

\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 fd5225eac6a4da3c904ac0c620646f46
SHA1 9993f18fa6092d2acabecf7c7e9a19c2c66f2627
SHA256 cd7d8187bc2088d4c3e21521b9966f839ddcb942b272359da552034acb2ed073
SHA512 f4efbf3d9a55a6addc51d350e686099503029d9c35ebd77ef0f7356b1af40297d1c425c868bc08f1a3dc471e8b8be4e4740ff71bd2ff4826d3fd1bafd52c7f12

C:\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 9c3f9991165578966bcdd0eef05b7afa
SHA1 5f129da03c7dc455109a371bf8e1e2a0c859527f
SHA256 ac66ed3f72c030aea0f778dba0aa1baa43eff65ddeee080105dd16d8a7ed6aae
SHA512 69073c22a3f2b4f68664a4e58dec67eda5ecba6555ca3bdf01aae228d0e82344fcac8f5083fea6b719db0d564bb2f1a09725f2b6b13867307dd748a09855defb

\Users\Admin\AppData\Local\Temp\_MEI23642\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 c13b2b94a58e3271c1da4f9708fd63ab
SHA1 b6a7e1caece42baa3fe737c2d80f6751d589b22d
SHA256 f25e047128f41cc081e696c4b041cd37c8ad9d8cd7656a79400c4917dab56ead
SHA512 1ec86a8fffd36c7e97b2185f2adf6fde6f3fce85b0ba362863619702fc6b920c86318c27ebb235aaf0c02a816a39200cd8208f4f7d59073069af8386c6f016cc

\Users\Admin\AppData\Local\Temp\_MEI23642\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

\Users\Admin\AppData\Local\Temp\_MEI23642\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

\Users\Admin\AppData\Local\Temp\_MEI23642\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

C:\Users\Admin\AppData\Local\Temp\_MEI23642\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI23642\top-1m.csv

MD5 f9e5851b5ec6312f3f3a52d02f8805c2
SHA1 c9d8b9d084d0e57341d4e421424391ff976fc1c4
SHA256 d4e467463c0d5ec61d6f581bd71fd9b0a4ea15a1ee242b7b97fc364a8ffabd16
SHA512 863a22ba5b93ce4d67aaedd6b6e3a993aa777404cb58d31c1dec7d17ed57e2e4658bffc048b53999f9db66c39edbf9b8c11db5a5a6cf42fab365ca544872cf8d

C:\Users\Admin\AppData\Local\Temp\tmpcpygl180\webdriver-py-profilecopy\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\tmpcpygl180\webdriver-py-profilecopy\places.sqlite

MD5 6aba2d0351e5cf9191433296312e2128
SHA1 724b71969c12657e847ab17f2fe81dbb6bcdf448
SHA256 bfb39d0bcf90d9bcd33d78ca8ffe3e63cb7c98d2523ab09e1d3e0a5d28c6766e
SHA512 a5d766ab16ddf31bcb7728054702fabde9b9e638f414827c2d180740d7263170061b425aaf29c29ef1e6d3dc342d58cba5b6660fe70fe646e304c6da63df4a66

C:\Users\Admin\AppData\Local\Temp\_MEI23642\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI23642\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI23642\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI23642\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI23642\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

\Users\Admin\AppData\Local\Temp\_MEI23642\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

\Users\Admin\AppData\Local\Temp\_MEI23642\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

\Users\Admin\AppData\Local\Temp\_MEI23642\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 80e882ce8268212cf4db9fbe44f95336
SHA1 85abc152168a20d8db2c6501aa43a97ea72efc8c
SHA256 32c7fa19bdf922f35368bbda1fd91b30fae89f7e8615c8224901e4e3454ee937
SHA512 eb6fc2086c0c5b1e2207c675e49713961246559ade42f65f5e1d51e6139e503eacceaa57542664f7161dc320df0403d90bc85e499aa2d0f09c4a3d4236920cd5

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile6W14PM\prefs.js

MD5 a5e7153079ddf80096682884b7f62aa3
SHA1 c5c044e11b84b991a88736319e9fe080187c5db0
SHA256 4c433c4740f07195cc05ca4170b28bf8654b6814549acb340c2b5500cbf5fd5c
SHA512 d4b3bd547da4d8d8cd837420196a6e49dd7345cc09b173732630ebd5884369c1b466d4b248d7fcdd5e8de4b4b93b7dec167972783c8598c13ca4538da1d4783d

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile6W14PM\extensions.json

MD5 6fd0f7904a94f75e62dc21e1bda80816
SHA1 d5b685f6c77903e6a1e5a65a4b31b13eb6ae98c1
SHA256 2a1a8b081b667f5a39dc9f9265803436da03d01b39c1483d7ca6e9f0ca54341d
SHA512 33d60be4beaee2411357b767ce16848a030a954d5dd63583fd8cca1341b2eda48f417de0c6b167eca85815144d5d3055f133b285aaf4e0c3d7944849fcbec289

memory/2492-706-0x000000000BD30000-0x000000000BD40000-memory.dmp

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 f252969e6306fb01c7ec7ca42a0ed99e
SHA1 f760ee778252e58bd8e286b182469c90b79d3047
SHA256 fdf2dc72c246005312e8c9eeefa72aa64b8c3a01b7b3fccbcf33e140b7def118
SHA512 3be017958d1b997dcae279a854d85f13f07da00b9baa3a43c450fc9733fd93e9d5ab0cb06269b4a0016ff2d1659c9ca64022f06a40cb9f887d7119895140d806

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile6W14PM\prefs-1.js

MD5 949958357d4dba77ae9c2cabdedab6a6
SHA1 2784ae57ffcddc52e4ad5a50933493f5fb767269
SHA256 d541f8535ccc6d1f13b20a0b6ae98a387658f0e1ff6c908d99c5430e31cbabe5
SHA512 4e42137502b24449f7d0c88d8a9826effb22bd7fa0a05bf1923a34cfcf9320934f5e69db37e9d5bd8f7c6c8072f51265e044a1eafcb961090c7afeac84f98136

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile6W14PM\prefs-1.js

MD5 33efdb6851f974575a066db59b8b3811
SHA1 e8afbf20ddd73dee73a1065a4f917efbb09e5e41
SHA256 32a5077a2cd3c2e26a792df10668af603e6f40d0bd239e1e68738be13fc3efb1
SHA512 1dca585d1e82939ff2c90badb22afbeb8ed17a5860c87dd7f9f5d3c176998a97f2a1c05a1783a598b80d1110500a14b013bba58d2117b8cf0460fba252003af1

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilerEAfh8\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilerEAfh8\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilerEAfh8\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilerEAfh8\startupCache\webext.sc.lz4

MD5 b084a2a6a6ae053d1594e438789d204a
SHA1 519a54f797da21abd2e12b8d591163e6623c164d
SHA256 592fce140b25b0fde27838965242a28724e6d08ed621b58aebb3d8611dc03369
SHA512 d50938f57cbc924a694992ba74a5bb8cabd8311ec43f5248f8f6521a802efb5e64273afd8f1591afbbf6ae5d68ddeb4348a1e6ed7102c17ba25ac768bf48d689

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilerEAfh8\prefs-1.js

MD5 009a7d4abf937cbecf8320670a504f20
SHA1 29ac2230e1a5bf7ba086425f3b59f9c9aaa05c42
SHA256 642950fdf90f6074e1c85f24159b691d8671614fc16348b60f6fce60159b4f9d
SHA512 78df0bf1f13d9ba503a22b92949deb838e3d7d2ca151366c94df613aacf2b4120af4e73babb8f36f289a822ad5d9c00f7f14d410fbaa4501be6444ef1a0c1254

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilerEAfh8\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilerEAfh8\prefs-1.js

MD5 3b6f8293d4d77a8c7983ab439a7a8b74
SHA1 a12c3a6c182558953541a62f858076f9f070da5b
SHA256 b1944140493e5d057f0c17dbf2ab6b930dda8bfc99f609b1c186f94191f7b883
SHA512 fd63de549f9cd489c3386b4772f6e89f5cfb720279485a72b0c94c0a3e3d434387ee9077ed577ba2c448a74a381bc110f9a07c7866d29b624bcd7256427999d4

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilerEAfh8\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilerEAfh8\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilerEAfh8\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilerEAfh8\sessionCheckpoints.json.tmp

MD5 29ce37dc02c78bbe2e5284d350fae004
SHA1 bab97d5908ea6592aef6b46cee1ded6f34693fa2
SHA256 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693
SHA512 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilerEAfh8\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile93QUy3\datareporting\glean\db\data.safe.tmp

MD5 c58234a092f9d899f0a623e28a4ab9db
SHA1 7398261b70453661c8b84df12e2bde7cbc07474b
SHA256 eaec709a98b57cd9c054a205f9bfa76c7424db2845c077822804f31e16ac134c
SHA512 ae2724fc45a8d9d26e43d86bcc7e20f398d8ab4e251e89550087ace1311c4d2571392f2f0bed78da211fcb28766779c1853b80742faa69f722b2c44c283569fd

memory/2564-1657-0x0000000002780000-0x0000000002790000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile93QUy3\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile93QUy3\prefs-1.js

MD5 30e969984ffcdb2db659451e6aa6fcaa
SHA1 cce1717d7718fb052a2c5357033a3c5028134243
SHA256 372b652daabe11eda03e4f8eecd8bc6ae3d16fbbe1a58ca53e634bc6550594ad
SHA512 a9d22e8ef7a03a0436ba9192f0e1fab6d28a28d271245b0448f98450f546e218ed965f859cd20e0de6ae03ea15620371291386d3c5bd17b1e9de48d19c37b8cf

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile93QUy3\prefs-1.js

MD5 3473af0a9e06496d39ca7d99ed8d7e31
SHA1 4aafc4273be7db6fd1438da669e4ac4b03daa209
SHA256 7a92a77b559082e5bea27d9049a70fba2b28758192e52972a1814c4c8aeb97a1
SHA512 b16846f51f8f218abb4338657cd17239967150819bf4140d00486e41b9ef481ca4fed5db7051176721e0e4b17e86ae50f25b4032413f091d6f957a9cd343d9b5

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-09 01:55

Reported

2024-05-09 02:07

Platform

win10-20240404-en

Max time kernel

298s

Max time network

307s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4160 wrote to memory of 4392 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 4160 wrote to memory of 4392 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 4392 wrote to memory of 4032 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 4392 wrote to memory of 4032 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 4392 wrote to memory of 4696 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 4392 wrote to memory of 4696 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 4032 wrote to memory of 1104 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 4032 wrote to memory of 1104 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 4392 wrote to memory of 1932 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\geckodriver.exe
PID 4392 wrote to memory of 1932 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\geckodriver.exe
PID 1932 wrote to memory of 376 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 1932 wrote to memory of 376 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 376 wrote to memory of 4352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 376 wrote to memory of 4352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 376 wrote to memory of 4352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 376 wrote to memory of 4352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 376 wrote to memory of 4352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 376 wrote to memory of 4352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 376 wrote to memory of 4352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 376 wrote to memory of 4352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 376 wrote to memory of 4352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 376 wrote to memory of 4352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 376 wrote to memory of 4352 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 4352 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 4352 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 4352 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 4352 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 4352 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 4352 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 4352 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 4352 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 4352 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 4352 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 4352 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 4352 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 4352 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 4352 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 4352 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 4352 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 4352 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 4352 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 4352 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 4352 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 4352 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 4352 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 4352 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 4352 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 4352 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 4352 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 4352 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 4352 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 4352 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 4352 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 4352 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 4352 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 4352 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 4352 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 4352 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 4352 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 4352 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 4352 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 4352 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 4352 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe
PID 4352 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI41602\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI41602\geckodriver.exe --port 50037 --websocket-port 50038

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50038 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8kvotg

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50038 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8kvotg

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4352.0.1107942376\438188117" -parentBuildID 20240416150000 -prefsHandle 1476 -prefMapHandle 1464 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\browser" - {e0d9d1c9-394c-4937-9415-6fb5109c2f99} 4352 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4352.1.2064555879\183801217" -childID 1 -isForBrowser -prefsHandle 2624 -prefMapHandle 2772 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\browser" - {e75e572d-7e12-41e1-b348-621d5bdb3178} 4352 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4352.2.2146078361\1393642330" -childID 2 -isForBrowser -prefsHandle 2964 -prefMapHandle 2968 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\browser" - {e8927d74-92d5-4788-b828-c795f7944564} 4352 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4352.3.28231557\179118621" -childID 3 -isForBrowser -prefsHandle 2952 -prefMapHandle 3356 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\browser" - {54ec6a20-2165-4656-b474-44c1f2de930a} 4352 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4352.4.85270844\1310875083" -childID 4 -isForBrowser -prefsHandle 1348 -prefMapHandle 2976 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\browser" - {31bff8b5-4d4f-4d06-95a0-cc2322e97434} 4352 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4352.5.1890873203\1837566514" -childID 5 -isForBrowser -prefsHandle 3848 -prefMapHandle 3844 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\browser" - {f19e09fe-58a2-4662-9ff6-4ce042c518c2} 4352 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4352.6.820866060\133892407" -childID 6 -isForBrowser -prefsHandle 3952 -prefMapHandle 3956 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\browser" - {214ef909-a36f-45ef-befa-50b2efdc8518} 4352 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4352.7.2051260911\1536564650" -childID 7 -isForBrowser -prefsHandle 4332 -prefMapHandle 4336 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\browser" - {7a40ee64-b206-479c-bdd4-db232cd021a9} 4352 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41602\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI41602\geckodriver.exe --port 50037 --websocket-port 50038

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50038 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiE0lxs

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50038 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiE0lxs

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe" -contentproc --channel="1376.0.676771266\1505822453" -parentBuildID 20240416150000 -prefsHandle 1480 -prefMapHandle 1456 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\browser" - {620a0605-3943-47bf-9e8a-25dc7d744514} 1376 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe" -contentproc --channel="1376.1.612037743\1494862760" -childID 1 -isForBrowser -prefsHandle 2268 -prefMapHandle 2432 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\browser" - {5d1e0f1a-9a5a-4997-9214-9088b1be063d} 1376 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe" -contentproc --channel="1376.2.161170730\1765564545" -childID 2 -isForBrowser -prefsHandle 3196 -prefMapHandle 3192 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\browser" - {127bd945-dcb7-429e-b000-1f448e1e7b10} 1376 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe" -contentproc --channel="1376.3.759457786\989313217" -childID 3 -isForBrowser -prefsHandle 3324 -prefMapHandle 3212 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\browser" - {e57832b9-ce03-403b-83e8-84e210ce1db1} 1376 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe" -contentproc --channel="1376.4.1168412177\355539919" -childID 4 -isForBrowser -prefsHandle 3012 -prefMapHandle 3244 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\browser" - {e336d339-83b3-43d8-837f-30e7b617b8b3} 1376 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe" -contentproc --channel="1376.5.2097873021\1596712177" -childID 5 -isForBrowser -prefsHandle 3744 -prefMapHandle 3740 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\browser" - {cd5d5305-70ae-4b73-8780-b1eb02d6a6a5} 1376 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe" -contentproc --channel="1376.6.1771561700\512881124" -childID 6 -isForBrowser -prefsHandle 3888 -prefMapHandle 3892 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\browser" - {441de319-0c35-47ca-ab82-f419e9925ee0} 1376 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe" -contentproc --channel="1376.7.873453480\62338473" -childID 7 -isForBrowser -prefsHandle 4392 -prefMapHandle 4396 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1104 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\browser" - {bfeff8ba-8c9a-4166-a068-04200747829f} 1376 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41602\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI41602\geckodriver.exe --port 50037 --websocket-port 50038

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50038 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofiley7DUgE

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50038 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofiley7DUgE

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe" -contentproc --channel="5016.0.953655966\1940651307" -parentBuildID 20240416150000 -prefsHandle 1484 -prefMapHandle 1472 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\browser" - {e4d1c1bb-c378-4977-be91-84d9d42c43f4} 5016 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe" -contentproc --channel="5016.1.1521933586\727991302" -childID 1 -isForBrowser -prefsHandle 2284 -prefMapHandle 2112 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\browser" - {c873d5a7-8c7e-4c54-b262-e3b44418aedb} 5016 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe" -contentproc --channel="5016.2.323658990\1824928458" -childID 2 -isForBrowser -prefsHandle 3292 -prefMapHandle 3288 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\browser" - {de6f8871-36f3-4ee0-9c1f-8774d274807d} 5016 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe" -contentproc --channel="5016.3.1489737802\1019577881" -childID 3 -isForBrowser -prefsHandle 3328 -prefMapHandle 3316 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\browser" - {00948450-8489-4e2c-9f8e-b256dccc791e} 5016 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe" -contentproc --channel="5016.4.805507145\314175061" -childID 4 -isForBrowser -prefsHandle 1352 -prefMapHandle 1348 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\browser" - {56f911eb-4fab-4091-8b81-a359accdb868} 5016 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe" -contentproc --channel="5016.5.648207561\1211439626" -childID 5 -isForBrowser -prefsHandle 3792 -prefMapHandle 3796 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\browser" - {b0ce18db-a78f-49eb-b568-5b9be1e08cbd} 5016 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe" -contentproc --channel="5016.6.2103816995\914577598" -childID 6 -isForBrowser -prefsHandle 3972 -prefMapHandle 3976 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\browser" - {143bc81e-8214-4c31-8ea2-0ae4d1aec63c} 5016 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe" -contentproc --channel="5016.7.2116034076\1847678003" -childID 7 -isForBrowser -prefsHandle 4412 -prefMapHandle 3792 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\browser" - {a4b8a49f-e73c-4350-99bd-3d5ee9e09aa4} 5016 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41602\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI41602\geckodriver.exe --port 50037 --websocket-port 50038

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50038 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileOLxJ1N

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50038 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileOLxJ1N

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe" -contentproc --channel="3944.0.1373390842\1473213135" -parentBuildID 20240416150000 -prefsHandle 1492 -prefMapHandle 1480 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\browser" - {eaae8d9c-6baf-4072-8ebd-215260ed0f6d} 3944 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe" -contentproc --channel="3944.1.910192839\1160257269" -childID 1 -isForBrowser -prefsHandle 2568 -prefMapHandle 2672 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1160 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\browser" - {c5964ae1-c188-470f-bfbf-c708055d7a17} 3944 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe" -contentproc --channel="3944.2.878943634\1711738689" -childID 2 -isForBrowser -prefsHandle 3004 -prefMapHandle 3000 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1160 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\browser" - {14a120bd-7c7e-48ca-953a-0b597cf6a899} 3944 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe" -contentproc --channel="3944.3.998776012\1771658913" -childID 3 -isForBrowser -prefsHandle 2276 -prefMapHandle 3084 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1160 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\browser" - {fca15916-5f25-4e5f-b7c9-17c9fadf0a0f} 3944 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe" -contentproc --channel="3944.4.1020134749\1837345082" -childID 4 -isForBrowser -prefsHandle 3588 -prefMapHandle 3580 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1160 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\browser" - {5c45169a-5a97-4ad1-bdcf-69042ee065fb} 3944 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe" -contentproc --channel="3944.5.694591194\1374474994" -childID 5 -isForBrowser -prefsHandle 3812 -prefMapHandle 3808 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1160 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\browser" - {0fc98f61-95a6-4038-bb1f-84181317a044} 3944 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe" -contentproc --channel="3944.6.758250790\398197669" -childID 6 -isForBrowser -prefsHandle 3860 -prefMapHandle 3864 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1160 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\browser" - {d978983c-4295-468b-a7b6-5465ee45d2ad} 3944 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41602\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI41602\geckodriver.exe --port 50037 --websocket-port 50038

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50038 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNPISKF

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50038 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNPISKF

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4620.0.451464751\1153878438" -parentBuildID 20240416150000 -prefsHandle 1480 -prefMapHandle 1456 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\browser" - {849f9570-46ed-42f5-833e-102e383350d5} 4620 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4620.1.2110882307\1864071646" -childID 1 -isForBrowser -prefsHandle 2472 -prefMapHandle 2488 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1176 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\browser" - {38d72a3b-61ef-4f85-866a-d77d288c8458} 4620 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4620.2.278872515\544167164" -childID 2 -isForBrowser -prefsHandle 2936 -prefMapHandle 2932 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1176 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\browser" - {1003570d-f306-4daa-a571-ba58fe6aeee5} 4620 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4620.3.993527762\1944144543" -childID 3 -isForBrowser -prefsHandle 2952 -prefMapHandle 3064 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1176 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\browser" - {270cab43-4047-4bf6-9012-c76472b9c530} 4620 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4620.4.264850538\1629169280" -childID 4 -isForBrowser -prefsHandle 3816 -prefMapHandle 3812 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1176 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\browser" - {3975b5f8-7726-4b93-a6a1-a969d8565317} 4620 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4620.5.234441083\839724239" -childID 5 -isForBrowser -prefsHandle 4028 -prefMapHandle 4040 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1176 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\browser" - {69007662-f951-4231-bcc5-4d410c4a9831} 4620 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4620.6.275173030\1802033285" -childID 6 -isForBrowser -prefsHandle 4012 -prefMapHandle 4016 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1176 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\browser" - {1265b325-214b-43b2-8b95-fc2dfe94e165} 4620 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41602\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI41602\geckodriver.exe --port 50037 --websocket-port 50038

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50038 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile7B9lnh

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50038 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile7B9lnh

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe" -contentproc --channel="416.0.592694844\9167478" -parentBuildID 20240416150000 -prefsHandle 1476 -prefMapHandle 1464 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\browser" - {395e2682-3b2a-4085-b552-b0bfa95c96c5} 416 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe" -contentproc --channel="416.1.651326960\340029085" -childID 1 -isForBrowser -prefsHandle 2288 -prefMapHandle 2480 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1084 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\browser" - {ca4c31e2-5248-480f-8ead-796c3b7f1bcc} 416 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe" -contentproc --channel="416.2.239936483\1086580941" -childID 2 -isForBrowser -prefsHandle 2944 -prefMapHandle 2940 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1084 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\browser" - {4ff73f65-8d1c-422a-a9ec-2e1a35fd4a74} 416 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe" -contentproc --channel="416.3.777588022\1768859168" -childID 3 -isForBrowser -prefsHandle 3272 -prefMapHandle 3120 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1084 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\browser" - {073a9531-8e6c-423c-9e6c-b0b112af4249} 416 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe" -contentproc --channel="416.4.1732074580\146130302" -childID 4 -isForBrowser -prefsHandle 3588 -prefMapHandle 3584 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1084 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\browser" - {4cf24675-4b34-4866-a9c3-52159e61710f} 416 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe" -contentproc --channel="416.5.1767935066\113208217" -childID 5 -isForBrowser -prefsHandle 3728 -prefMapHandle 3732 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1084 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\browser" - {9e4b97e5-4f42-42c0-9c78-1373667e6629} 416 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe" -contentproc --channel="416.6.1410007440\1698606224" -childID 6 -isForBrowser -prefsHandle 3912 -prefMapHandle 3916 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1084 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\browser" - {f8bbd395-866b-43af-b6a2-4a8e856d80a8} 416 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe" -contentproc --channel="416.7.208400685\1370684050" -childID 7 -isForBrowser -prefsHandle 4352 -prefMapHandle 4356 -prefsLen 25412 -prefMapSize 245849 -jsInitHandle 1084 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\browser" - {e0318793-00cd-4c5e-8437-c908916cd005} 416 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe" -contentproc --channel="416.8.734691548\934701314" -childID 8 -isForBrowser -prefsHandle 8476 -prefMapHandle 8492 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 1084 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\browser" - {28059cb2-ddf2-45bc-bbc4-6c1dfe7071e2} 416 tab

Network

Country Destination Domain Proto
DE 159.69.36.3:8080 tcp
US 8.8.8.8:53 3.36.69.159.in-addr.arpa udp
FR 141.94.199.35:9001 tcp
RO 185.198.56.195:9001 tcp
US 8.8.8.8:53 35.199.94.141.in-addr.arpa udp
US 8.8.8.8:53 195.56.198.185.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
N/A 127.0.0.1:50140 tcp
N/A 127.0.0.1:50142 tcp
N/A 127.0.0.1:50037 tcp
N/A 127.0.0.1:50037 tcp
N/A 127.0.0.1:50245 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50253 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50037 tcp
N/A 127.0.0.1:50037 tcp
N/A 127.0.0.1:50037 tcp
N/A 127.0.0.1:50597 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50605 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
US 8.8.8.8:53 udp
US 52.111.229.43:443 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:50037 tcp
N/A 127.0.0.1:50037 tcp
N/A 127.0.0.1:50037 tcp
N/A 127.0.0.1:50955 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50963 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50037 tcp
N/A 127.0.0.1:50037 tcp
US 8.8.8.8:53 89.16.208.104.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
N/A 127.0.0.1:50037 tcp
N/A 127.0.0.1:51262 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:51270 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:50037 tcp
N/A 127.0.0.1:50037 tcp
N/A 127.0.0.1:50037 tcp
N/A 127.0.0.1:51573 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:51581 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50037 tcp
N/A 127.0.0.1:50037 tcp
N/A 127.0.0.1:50037 tcp
N/A 127.0.0.1:51832 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:51840 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI41602\python38.dll

MD5 26ba25d468a778d37f1a24f4514d9814
SHA1 b64fe169690557656ede3ae50d3c5a197fea6013
SHA256 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128
SHA512 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

\Users\Admin\AppData\Local\Temp\_MEI41602\python38.dll

MD5 a2d1ef944a3b2ece9251bdd4528d71be
SHA1 5d422a39b769cddf186e36eba348a5382bb81ab2
SHA256 59e24582777846f7b5eb952b08a2346801ae20674f0d18a65c0d415095b8e543
SHA512 abcfad3bb39d143bd56d350d83a4c9ded669504ab89e5d860862e04801e419cc96d8169d1df320a69a97f13ea6f919a34c68098c3d563cb9eccc6f7c9a978828

C:\Users\Admin\AppData\Local\Temp\_MEI41602\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

\Users\Admin\AppData\Local\Temp\_MEI41602\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Local\Temp\_MEI41602\geckodriver.exe

MD5 ecd8efd4cab1e6f7d84483c09c9ce6b7
SHA1 aafe438def0edbe9176f462d1e4e8c4a1883540c
SHA256 5032f5bb47f24f8e677397e347fdb4a501b0eda42f5d5aa2f5186edadf9838ec
SHA512 eb40225be2070f88465d35b56d5fd2f94ef4a9ead2306ce5c81bb2fa31b1c252e7b8f57befad32130023c5893fd1cb499c387daeb9b760ce2d008691c5359ea9

C:\Users\Admin\AppData\Local\Temp\_MEI41602\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI41602\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

\Users\Admin\AppData\Local\Temp\_MEI41602\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

C:\Users\Admin\AppData\Local\Temp\_MEI41602\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

\Users\Admin\AppData\Local\Temp\_MEI41602\libcrypto-1_1.dll

MD5 1ce5b04a8b12799bd40d8b97b50d1ef1
SHA1 f46fed64756c1c0ee4f5b9308b7c3c7f672c76be
SHA256 2577ade6f2346a73e175adf10d2aacb2e72772f471ba426b65f63164f49e6fb1
SHA512 63fbde60d02a7c04b4e7a8054ad9af07e8972ea4e4eedf7764279dc58051c73190c8b61cf6154ce88d64448e7969e0bced5edccd310421b1858b59b547d39e2e

\Users\Admin\AppData\Local\Temp\_MEI41602\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

\Users\Admin\AppData\Local\Temp\_MEI41602\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

\Users\Admin\AppData\Local\Temp\_MEI41602\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 549e54a44c7326c30548c998a1d16424
SHA1 d4375f9ead356aff85d60375b08db168195d5089
SHA256 fb2df7a858dbfacbedb5ce100bc71dff2b1e1991b2d574c1d3d46701ceea5433
SHA512 7325a6d2ed8cf43c4665f2cda3f4f9578de7a87cf70178eff7e927bb8b58f0dceff4b4bf6029593ff64fab052718cf2da8228275580071de2d0fb77fcb4bb897

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 fd5225eac6a4da3c904ac0c620646f46
SHA1 9993f18fa6092d2acabecf7c7e9a19c2c66f2627
SHA256 cd7d8187bc2088d4c3e21521b9966f839ddcb942b272359da552034acb2ed073
SHA512 f4efbf3d9a55a6addc51d350e686099503029d9c35ebd77ef0f7356b1af40297d1c425c868bc08f1a3dc471e8b8be4e4740ff71bd2ff4826d3fd1bafd52c7f12

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI41602\geckodriver.exe

MD5 f60c542253cbe94f762e15c7b064b55d
SHA1 7a32f034217266db6d799893edc976e891a82944
SHA256 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa
SHA512 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI41602\top-1m.csv

MD5 a29565710c081a7da5e38a4f4edd4e65
SHA1 818c4f88ac3e53f2ea07c7b822f5f7c7d5e7103a
SHA256 b9ebda977c49d54f46dbc40b08dd385dc79e4afca90796f35d538ef13ef95831
SHA512 eda629b4243b2143e9c4de587606e47f0c65ed258d3fada3d652b6339ca95476adab46a03744bbf09a9fb5456f087fc186546da464d36973622f376ae550ffd2

C:\Users\Admin\AppData\Local\Temp\_MEI41602\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI41602\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI41602\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI41602\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI41602\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

C:\Users\Admin\AppData\Local\Temp\_MEI41602\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

\Users\Admin\AppData\Local\Temp\_MEI41602\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

\Users\Admin\AppData\Local\Temp\_MEI41602\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 80e882ce8268212cf4db9fbe44f95336
SHA1 85abc152168a20d8db2c6501aa43a97ea72efc8c
SHA256 32c7fa19bdf922f35368bbda1fd91b30fae89f7e8615c8224901e4e3454ee937
SHA512 eb6fc2086c0c5b1e2207c675e49713961246559ade42f65f5e1d51e6139e503eacceaa57542664f7161dc320df0403d90bc85e499aa2d0f09c4a3d4236920cd5

C:\Users\Admin\AppData\Local\Temp\_MEI41602\Tor Browser\Browser\firefox.exe

MD5 65aa9b0f57d72e4d70e9226322221adc
SHA1 85fec174d0977afd8c0100c9d9b53c958e1949bf
SHA256 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410
SHA512 f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

\Users\Admin\AppData\Local\Temp\_MEI41602\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

\Users\Admin\AppData\Local\Temp\_MEI41602\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8kvotg\prefs.js

MD5 141c9205ffd1924f658798a883224593
SHA1 9af27d3c771d45d05834d54008bd25f8d56a2430
SHA256 ba35ed2e10ffdf52d9ada86e3366705593efb9d90bb510c6625337abc4ebb1fa
SHA512 31b01b1c8814a2216122a9299aad4c5fe553428e4ca567ec6eb1af0ab35bd1bf33c77e05979ce0ebdaf6b581cd07f87de8c33747fa4200428b6ba53b28d3009a

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8kvotg\extensions.json

MD5 524df86131ca4532242418664f6b0213
SHA1 1a6add2a1038edaa6d4e7595f9756acd3b9cc20f
SHA256 772636f801130afbad0e6ca5ec328723ad2faab5480a1b91a0e69111953984a4
SHA512 87d366275e1c2843637d549bac5d95f7399a2edac68b489d811b3151f2975293adabcf89f294b70c33aa03eb2cc3d6bd6db29ff7a6375f62b3848ac91c1dbd2f

memory/4352-556-0x000001CD4D410000-0x000001CD4D420000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8kvotg\prefs.js

MD5 28d318dc3535ff514182c42f45e9a685
SHA1 5f1e24c665ae916b965acb8ce307b03a47e7906c
SHA256 d09537ca41319f5d810bf500f2b61cda9fa3afe763040d9577f32f6ef454d1e5
SHA512 18080d4576bd65f6c0f6bbd54726a0aedbc37392add9ee4ffcd44a5c3e0f0549af1b9340cfe8b3d35384d0a8cf90252f798ffef002205e10e40b45b698856769

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 fc022d26a830636722e97cfb904f164e
SHA1 a16f4069fe3ca8befb6e197ac02719608b5aaf50
SHA256 0b5c5aa91a36be3250fe37eb21a70cd318e857b7a3f3c3ee7ae6e98727161c65
SHA512 3222fb075da732688d55315a3624d8f52da660a5dde4184fea533f426dbfc78f64a49f91f33c8e80ceb1fdc28661092d3910239b469798a48adcf8b8b212130c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8kvotg\prefs-1.js

MD5 ee1ca0c5c9f77697d08b720dc7c3e26c
SHA1 95688b4e230f27ad44d8398b5027d3a59346c1fa
SHA256 bc037ae21ba42d6439ce9ee54d6df4202b48fd6668bb204ffbb05710e94f9ae4
SHA512 e34a2cf0257f4c15eb4bbb45608066d8341f47f1b91519bbfa5ea5bee411241989d91ed90239f9c6ef29376b2a98a4d7d3408eb39824cef6c3a274c6b0edb432

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8kvotg\prefs-1.js

MD5 e69ce3c248262c27e7a9412a3188958a
SHA1 8b4b4da03048fdbb659254330dd400f1f376c010
SHA256 859b4b21080c54c58d39e7969ff2dc53b96cff5bb9b7866cc536e403ddfe4272
SHA512 0163206fd49544a9619734a3908ad102ffccf8fd900c28ee399fb70cdacfd9025400da32f39d40b0977935c515b4310fca00283bd1651265fea28f1ba9c9f2ae

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiE0lxs\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiE0lxs\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

memory/1376-849-0x000001E6FB480000-0x000001E6FB490000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiE0lxs\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiE0lxs\startupCache\webext.sc.lz4

MD5 1b799cc5b6cf681cfa54d37c8ce8cb06
SHA1 2f0fae44eb2fe74542df923e37f0c7e23a74fd17
SHA256 ce654b3257aec215ee980682aa6a48628dac50252a09301efe8686ff3f406a03
SHA512 10263e878623c9375095f150a83e5fe42fb5feccea139e107d37b2337f0c68c4f8a47952247d7e8517876a12dcd696202b8ecdf115577c0e416a489a280451d3

memory/1376-897-0x000001E6F1AE0000-0x000001E6F1C50000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiE0lxs\prefs-1.js

MD5 4b4c27e67f9b8aafea9ca38615f891fa
SHA1 1c8bf8d7dbb0d5302e183fe6c02f9a01ba5026f9
SHA256 760ed5013119fcad3be856f34a182a646e7b92dbbbd9b7180a7012ef1c58f44a
SHA512 548f712a782bb9a7d342cdb720bedf1d74a4923586de60327518528ce9a236b1b35afe76042d840ed66cf0861562c53a3e28c52767a23dab9a91da34e7814be8

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiE0lxs\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiE0lxs\prefs.js

MD5 b68438b7dd2a38c403066597a2517312
SHA1 9af952701f299eadf614a7d3932c699b0ee1278c
SHA256 03e6257d8c81db2871574efb241b9289ff6227f2bef9baf1af1116706a451580
SHA512 07fbee56a40c4ea793fdf610cb5479ebf2f5fe5e166c8f86d5fb7ec1b14f7551de420e8fec792231db378d411dcdbc7a9738661d9fc5eadc39746264a550ea4e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiE0lxs\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiE0lxs\sessionCheckpoints.json.tmp

MD5 29ce37dc02c78bbe2e5284d350fae004
SHA1 bab97d5908ea6592aef6b46cee1ded6f34693fa2
SHA256 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693
SHA512 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiE0lxs\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiE0lxs\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiE0lxs\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiley7DUgE\user.js

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiley7DUgE\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiley7DUgE\prefs-1.js

MD5 198c308915d375507745d5e2ff725544
SHA1 da108df1c759c9fa5713f00c6ce70e3a1efc1c2c
SHA256 759113d54734ab51abedd8bc645d42e25fd5b75895b443d0b697ceb168b80fa4
SHA512 f7f79c4da1c8905d6505685897d94f6655e3d4cc9759a86032c9f4d72766c13d6bba080cf375a00da35dba432970b5efda6895471d6a41b321ca8e22a8a75d8f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiley7DUgE\prefs-1.js

MD5 44bc5e71f9702db1fd3f7df180b86ea8
SHA1 eb4cf4f319ffe10cb21a9a1bb8f5b9ec1966edb2
SHA256 b069da00c84578a5658078357adcb427b26a680d3bb85eb60404bf389ecffdde
SHA512 51f67872189029163a5702d9a20594a324e23e8f66bf77e53ad4df1fc24e10c1fecd78e0182c6321f8ab142c50eadadd568e2f9e885f370a898694c7167a5f1c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileOLxJ1N\datareporting\glean\db\data.safe.tmp

MD5 7fba44cb533472c1e260d1f28892d86b
SHA1 727dce051fc511e000053952d568f77b538107bb
SHA256 14fb5cda1708000576f35c39c15f80a0c653afaf42ed137a3d31678f94b6e8bf
SHA512 1330b0f39614a3af2a6f5e1ea558b3f5451a7af20b6f7a704784b139a0ec17a20c8d7b903424cb8020a003319a3d75794e9fe8bc0aeb39e81721b9b2fdb9e031

memory/3944-1391-0x0000029421D70000-0x0000029421D80000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileOLxJ1N\prefs-1.js

MD5 6b8674bac42f5360e4cb3e2f8e063311
SHA1 41231c5708ce3c12f7279ef741488d0ca606e8d5
SHA256 506dc3f7b56453f13c9b34c45fcfda2a95a4abc0765e112664c06401369c84c0
SHA512 9aa2fa46d6e3ab87e5cbd9dd2cc6d35f2ece25c9acfcaf80ee5bf66318474831b3043d727229e2b17ffea153a500b7024d43dc63c6d2fc5abf2578a91e40db4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileOLxJ1N\prefs-1.js

MD5 6e9f726b96dfaeb474dc6e1df21f65d4
SHA1 c14bcc435c3446f4e42d242214542f10dd2559ed
SHA256 9f1b6ff25fb0090607341a2cb64d3e4b081494df5496d07833db3dcc4aec82de
SHA512 61b9bf9521a8a5907c58ac38170eb8dd970835869d5d474a829bbc30879e7f79fef38f3c2a3902b6c1d879f2d2ba03668c4fd5fe73ccb1acc42711de15802d3e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileOLxJ1N\prefs-1.js

MD5 9728c2b088342f451aa9122c5c69da7b
SHA1 e6031d67d655027dda7f222aab055ca1b2e4049e
SHA256 1aaed21e0042e45b4afe963aa718c366cac6ce810ed766bc094157d6ee5ffea2
SHA512 719bb97fba7b3801e90c81aed7dc81585e86e88992a39ae3589bd9c5afd4253f22b09aeb5c84ab0ea201199025c31718b0d94236428ebbae8596000eeb4d81fc

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNPISKF\compatibility.ini

MD5 c7ee43d4588dff78f13f8f3d4bc451e2
SHA1 730bc44ec9f3645623b187053258cebb4c8f7f8b
SHA256 03dc1d0432d01abd8a696caa981db9dc3a4823fb30f7a848c86d5b43656a2e4a
SHA512 becdbfcc177932fa0d5b75c3bc8fd8aecbb76d3fc9da9e90f3a5659113fc694c0f8813583ae2d4a687c804878b610bd4b2813ff0a962cfd42da47de7da1fbc5e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNPISKF\WebDriverBiDiServer.json

MD5 f37734326c42ba13c915dc4e70eebafd
SHA1 f4f39cb5b10f83af174c564c0922615351870e75
SHA256 3acc4bb12c1b5be69a50733a288b930691fdb3aebc9ef171f52643828a57fe50
SHA512 809638245a076e55031bbce9e1033e2d1933220ac9905e1ac5420d7e588c5ebfd12f05f49b1f641da83eec089859e3f8a9ccc675717b99fbcb6473b183585238

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNPISKF\prefs.js

MD5 b3a5d1e20efa9996c7e330d896061f94
SHA1 03df0f023763a8360b1e14afc2d97b5c6edd53ce
SHA256 416bb85dfe2dcf3c95aefa8e7496f6a4540109cea1dc8fe9cdbe1246ee9ec3a1
SHA512 336ca929c5966cabeff0be586e717d99d59ac9d94b0c1dd5644270b32b0f1b1607068f270737ee0e5ab2d6e83262726f6a8a5db11cad799d5e2f469446b99e4d

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNPISKF\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 c1970fa88aba8cbc305bc7cf3e1a4baa
SHA1 76a8b12729619f997f40a1c410e31d0013591f0c
SHA256 eecb9c364cd90594e55fe87ec464303b783ab174b0ff57d4330c83d7f400d736
SHA512 736e880868102db7352ec2fd44d8f363b7b6cce420a6650da30591320bb14a7a34b9035b3b0596ea2df25684ded894427119ca30852c1bde8d00d973386e5ebd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNPISKF\storage-sync-v2.sqlite

MD5 bff4d6361e4126d963ab7dffdc7550ce
SHA1 e2660c2f00b0aef4a81972c6a6093935d5aa40d5
SHA256 ad0828e5ff9d4188151772cd9af85827a431d122901486590c5734b62b4af2d2
SHA512 8d967c085d343d50a76cf14e88ed2fb742a7195034ddbaacd57d2c47abf0218a5f6878528a8f37c8f3b61496f61b5e254d205003af87a3cf156ba12ea59f65bc

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNPISKF\content-prefs.sqlite

MD5 b15425d1f21f5708184e35493e63c8a1
SHA1 e944c1fdf56a3f6a5150b77980e89d48c7b57be2
SHA256 7a9012d1846763fe9dcb059035972a023ec29f2b9c03f865f0a6f6df6ef2a6c0
SHA512 6b54e30e0a060261bdac98ef818d1053fbabf0d6b8a17efc729942729ed6e6dddb29063b079ddb1dcd1b4edfc85a0311cf821b4b3291372c834a00733456423f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNPISKF\datareporting\glean\db\data.safe.tmp

MD5 63b1bb87284efe954e1c3ae390e7ee44
SHA1 75b297779e1e2a8009276dd8df4507eb57e4e179
SHA256 b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a
SHA512 f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile7B9lnh\prefs.js

MD5 a42b0488d417bfed54ca011bede4e909
SHA1 eb8be3a255ba8f0cb4f5029d99aadfd7128d6fa3
SHA256 8cabafeba7239db5bf159cb349417af67216a9978dd4434a5f40271188ec7a54
SHA512 798bd124d544be0dd7db0006ed117821e02de28d1f3bd0e04ea3d44ad5958e0fbf9682221c9c351ea897540087463a0d8803e885c23d41cb181df9685af14b4f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile7B9lnh\prefs.js

MD5 4e3154eda67c06bad2c7c52ada0f5ff0
SHA1 d87eefe37b14c436fc417d69b9aa142a9f0e4f7e
SHA256 323f9f3b72a8d9c11c128b414a00ced59c1bbf2d5bf6af366043776966d6ed02
SHA512 5bd593b4a0f643870a7557cb43c236d45e083fd1bed650f423a8e3121bd53d04c5cdd227f6dd5793feb78fd82962f8a2a011f85adfb4a437b86b548b474b0a14

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile7B9lnh\prefs-1.js

MD5 9b0626f762f2b0146500e6b4ecee59ad
SHA1 b802e8726b8c00e4da93f412b83b6f4790f5e9f7
SHA256 26d9bfb15fa45caf00f25452988c5058db048314557c633dc6f17975c99185b1
SHA512 fdba6081326960ceb78987eb43b0e62b24a5207cf07531b10478bba2caae9e7c6d8ca9747da2d2621836d69ae1631f688fea12ff8f43dfc8d616d3d20184b696

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-09 01:55

Reported

2024-05-09 02:07

Platform

win10v2004-20240426-en

Max time kernel

300s

Max time network

305s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4028 wrote to memory of 4496 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 4028 wrote to memory of 4496 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 4496 wrote to memory of 1168 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 4496 wrote to memory of 1168 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 4496 wrote to memory of 4348 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 4496 wrote to memory of 4348 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 1168 wrote to memory of 1772 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 1168 wrote to memory of 1772 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 4496 wrote to memory of 2832 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\geckodriver.exe
PID 4496 wrote to memory of 2832 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\geckodriver.exe
PID 2832 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe
PID 2832 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe
PID 1604 wrote to memory of 4656 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe
PID 1604 wrote to memory of 4656 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe
PID 1604 wrote to memory of 4656 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe
PID 1604 wrote to memory of 4656 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe
PID 1604 wrote to memory of 4656 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe
PID 1604 wrote to memory of 4656 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe
PID 1604 wrote to memory of 4656 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe
PID 1604 wrote to memory of 4656 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe
PID 1604 wrote to memory of 4656 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe
PID 1604 wrote to memory of 4656 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe
PID 1604 wrote to memory of 4656 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe
PID 4656 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe
PID 4656 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe
PID 4656 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe
PID 4656 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe
PID 4656 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe
PID 4656 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe
PID 4656 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe
PID 4656 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe
PID 4656 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe
PID 4656 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe
PID 4656 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe
PID 4656 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe
PID 4656 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe
PID 4656 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe
PID 4656 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe
PID 4656 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe
PID 4656 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe
PID 4656 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe
PID 4656 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe
PID 4656 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe
PID 4656 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe
PID 4656 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe
PID 4656 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe
PID 4656 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe
PID 4656 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe
PID 4656 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe
PID 4656 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe
PID 4656 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe
PID 4656 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe
PID 4656 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe
PID 4656 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe
PID 4656 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe
PID 4656 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe
PID 4656 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe
PID 4656 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe
PID 4656 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe
PID 4656 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe
PID 4656 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe
PID 4656 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe
PID 4656 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe
PID 4656 wrote to memory of 5088 N/A C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI40282\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI40282\geckodriver.exe --port 50572 --websocket-port 50573

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50573 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileTcf3HU

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50573 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileTcf3HU

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="4656.0.1371741490\1522547100" -parentBuildID 20240416150000 -prefsHandle 1676 -prefMapHandle 1668 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {e7ed4d75-950e-48ef-a838-703c61148bb0} 4656 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="4656.1.1384705232\860196246" -childID 1 -isForBrowser -prefsHandle 2432 -prefMapHandle 2472 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {b194a9a0-b324-4ec5-950e-5c498d699ff8} 4656 tab

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="4656.2.1930234290\1953280590" -childID 2 -isForBrowser -prefsHandle 3204 -prefMapHandle 3200 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {dbaefcb6-4b61-4734-af76-126dfc7ccac7} 4656 tab

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="4656.3.1682170409\909061445" -childID 3 -isForBrowser -prefsHandle 3472 -prefMapHandle 3488 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {edb3c8f7-f02f-4a3a-a4f9-a0cbba8179db} 4656 tab

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="4656.4.1393997595\572797676" -childID 4 -isForBrowser -prefsHandle 3444 -prefMapHandle 3288 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {2a84dabc-1ffe-448b-b1e7-949db14e6084} 4656 tab

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="4656.5.492462141\1023590304" -childID 5 -isForBrowser -prefsHandle 3932 -prefMapHandle 3472 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {996b50fa-b760-4450-9672-e3d3d920201d} 4656 tab

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="4656.6.475021941\800262328" -childID 6 -isForBrowser -prefsHandle 4196 -prefMapHandle 4192 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {297d8603-48d7-4c6e-9ec8-1bd6600e417b} 4656 tab

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="4656.7.1417493241\565881965" -childID 7 -isForBrowser -prefsHandle 4460 -prefMapHandle 4464 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {67db2f4b-332d-434f-b6d6-b47192400b92} 4656 tab

C:\Users\Admin\AppData\Local\Temp\_MEI40282\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI40282\geckodriver.exe --port 50572 --websocket-port 50573

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50573 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewFdkjO

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50573 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewFdkjO

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="764.0.61402057\490334065" -parentBuildID 20240416150000 -prefsHandle 1672 -prefMapHandle 1664 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {d39f8e78-6a71-4e87-a2c4-e15903ac55ec} 764 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="764.1.1858331646\1744192272" -childID 1 -isForBrowser -prefsHandle 2496 -prefMapHandle 2744 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {80ab86eb-6bfc-488e-baa9-d3a69363669f} 764 tab

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="764.2.638373909\65615541" -childID 2 -isForBrowser -prefsHandle 3180 -prefMapHandle 3176 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {db3c5e59-4002-432c-84f5-651c98eda25f} 764 tab

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="764.3.1196572234\381486799" -childID 3 -isForBrowser -prefsHandle 3660 -prefMapHandle 3664 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {aeacfc74-1049-4337-a221-73f4c96133bb} 764 tab

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="764.4.2039684925\1936485891" -childID 4 -isForBrowser -prefsHandle 3884 -prefMapHandle 3676 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {91ead12b-703a-4ab8-8952-93460d08a0ed} 764 tab

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="764.5.800078576\1321556432" -childID 5 -isForBrowser -prefsHandle 3356 -prefMapHandle 3148 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {a3bc7ec4-0468-4c3d-9624-ee0a4f43fc01} 764 tab

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="764.6.632583494\1423396507" -childID 6 -isForBrowser -prefsHandle 4080 -prefMapHandle 4084 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {fd06e483-48f1-48f3-ba2d-c62d6b49aaae} 764 tab

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="764.7.908946367\1156092089" -childID 7 -isForBrowser -prefsHandle 4620 -prefMapHandle 4624 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {e389d10a-8d0b-4fa9-b375-e3bc9c7d8cbb} 764 tab

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="764.8.709564801\927215602" -childID 8 -isForBrowser -prefsHandle 4776 -prefMapHandle 3920 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {8e2d7b89-57ee-4c70-bd91-128c30beafac} 764 tab

C:\Users\Admin\AppData\Local\Temp\_MEI40282\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI40282\geckodriver.exe --port 50572 --websocket-port 50573

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50573 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileAmrsFV

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50573 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileAmrsFV

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1032.0.1561288542\1120668373" -parentBuildID 20240416150000 -prefsHandle 1688 -prefMapHandle 1680 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {a741b472-2012-45bc-acc5-0e305615f8ff} 1032 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1032.1.776752020\92573509" -childID 1 -isForBrowser -prefsHandle 2528 -prefMapHandle 2372 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {1eb7fc72-f9f6-423b-b406-b0d46eb9af00} 1032 tab

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1032.2.1996742752\1949612071" -childID 2 -isForBrowser -prefsHandle 3200 -prefMapHandle 3196 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {9134c3cf-1730-40a8-83c6-766e0e22a767} 1032 tab

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1032.3.343780931\1533575968" -childID 3 -isForBrowser -prefsHandle 3444 -prefMapHandle 3448 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {cfbc2248-43ad-4452-911a-5a604602c240} 1032 tab

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1032.4.559298187\765684960" -childID 4 -isForBrowser -prefsHandle 3940 -prefMapHandle 3936 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {98fce419-cc01-49d5-9966-be1d8178a0c2} 1032 tab

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1032.5.570515525\242830024" -childID 5 -isForBrowser -prefsHandle 3424 -prefMapHandle 3400 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {f34644e0-2f27-4f10-b5bc-7a2d4dddffcb} 1032 tab

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1032.6.1491081388\778710959" -childID 6 -isForBrowser -prefsHandle 4300 -prefMapHandle 4304 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {7b4387ee-31d8-47d5-aefd-c5179e06698a} 1032 tab

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="1032.7.780560633\1001147280" -childID 7 -isForBrowser -prefsHandle 4564 -prefMapHandle 4568 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {ea1f0503-fca7-4e4c-a4cf-1032b1521690} 1032 tab

C:\Users\Admin\AppData\Local\Temp\_MEI40282\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI40282\geckodriver.exe --port 50572 --websocket-port 50573

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50573 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileyo2cxg

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50573 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileyo2cxg

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="4644.0.1809104311\49019658" -parentBuildID 20240416150000 -prefsHandle 1676 -prefMapHandle 1668 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {3c25485d-26ab-400e-8b62-5c5ceb3d0e7e} 4644 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="4644.1.228816842\1904121978" -childID 1 -isForBrowser -prefsHandle 2644 -prefMapHandle 2640 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1332 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {b44ad408-be0d-442d-95b4-41f313bfdd6c} 4644 tab

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="4644.2.2057731119\923543352" -childID 2 -isForBrowser -prefsHandle 3160 -prefMapHandle 3156 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1332 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {a76ab8ab-e6af-4994-983a-fabf2d01538f} 4644 tab

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="4644.3.1127273475\930985406" -childID 3 -isForBrowser -prefsHandle 3704 -prefMapHandle 3156 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1332 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {d05b1f79-ebc6-4320-8fc1-89857aa7166c} 4644 tab

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="4644.4.1852113676\727325989" -childID 4 -isForBrowser -prefsHandle 3916 -prefMapHandle 3912 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1332 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {251bb321-6e88-4fd3-8c45-9242fd33bea6} 4644 tab

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="4644.5.2006258892\1687472941" -childID 5 -isForBrowser -prefsHandle 4048 -prefMapHandle 4052 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1332 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {cda64fe2-ba0c-463c-9331-dfe0a41bf98e} 4644 tab

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="4644.6.592364410\1666208396" -childID 6 -isForBrowser -prefsHandle 4288 -prefMapHandle 4292 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1332 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {ba4d9aaf-8afe-40c4-bbbf-1d336ed24591} 4644 tab

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="4644.7.1082500714\810865873" -childID 7 -isForBrowser -prefsHandle 4524 -prefMapHandle 4528 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1332 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {5d8afa5e-302d-4850-a34d-875dd9ef6745} 4644 tab

C:\Users\Admin\AppData\Local\Temp\_MEI40282\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI40282\geckodriver.exe --port 50572 --websocket-port 50573

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50573 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilevm4GkP

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50573 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilevm4GkP

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="900.0.880303717\192028342" -parentBuildID 20240416150000 -prefsHandle 1692 -prefMapHandle 1684 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {f8ec2987-cd9a-4266-8857-cbd58b07fa42} 900 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="900.1.502407735\1461893095" -childID 1 -isForBrowser -prefsHandle 2744 -prefMapHandle 2740 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {76802b4d-448d-4267-bb5b-55ccd06843a9} 900 tab

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="900.2.647867828\752135524" -childID 2 -isForBrowser -prefsHandle 3176 -prefMapHandle 3172 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {61e93517-1790-440a-842b-fe2264a825a1} 900 tab

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="900.3.1901653649\2005254864" -childID 3 -isForBrowser -prefsHandle 3404 -prefMapHandle 3400 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {319d3865-4775-4185-9d66-76f91b374ebd} 900 tab

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="900.4.1917955069\959048869" -childID 4 -isForBrowser -prefsHandle 3232 -prefMapHandle 3300 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {f3b44b94-4e3f-4444-94d9-cb3e9306dc10} 900 tab

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="900.5.2107252561\711777218" -childID 5 -isForBrowser -prefsHandle 3792 -prefMapHandle 3796 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {e2df1bbd-57d3-4187-b24d-6084e68cea8c} 900 tab

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="900.6.1005789834\390853086" -childID 6 -isForBrowser -prefsHandle 3972 -prefMapHandle 3976 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {2a0ae4a2-a5a5-45d5-9369-9d6fb2c2f351} 900 tab

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="900.7.1625573374\194875062" -childID 7 -isForBrowser -prefsHandle 4544 -prefMapHandle 4016 -prefsLen 25491 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {61e344a1-0ba7-465e-8600-f88b246df255} 900 tab

C:\Users\Admin\AppData\Local\Temp\_MEI40282\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI40282\geckodriver.exe --port 50572 --websocket-port 50573

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50573 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenPu1bd

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50573 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenPu1bd

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="624.0.690513718\219179276" -parentBuildID 20240416150000 -prefsHandle 1676 -prefMapHandle 1668 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {139d0619-59ca-428d-8ae7-19ac4a1d1381} 624 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="624.1.1832672129\711189784" -childID 1 -isForBrowser -prefsHandle 2760 -prefMapHandle 2756 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {1d269ca7-6cd2-4b50-9165-7b42140b0767} 624 tab

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="624.2.411384289\449075694" -childID 2 -isForBrowser -prefsHandle 3156 -prefMapHandle 3152 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {6afcb128-d174-47fe-93d8-ab3c0d4d8c3d} 624 tab

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="624.3.96480515\1847025033" -childID 3 -isForBrowser -prefsHandle 3232 -prefMapHandle 3220 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {75de5084-7f0f-44a9-b515-7e381fe4c189} 624 tab

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="624.4.543584543\1338817269" -childID 4 -isForBrowser -prefsHandle 3160 -prefMapHandle 3120 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {1912fe94-6fd8-4542-ad82-55bcd8d1d275} 624 tab

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="624.5.553589674\1920374686" -childID 5 -isForBrowser -prefsHandle 3984 -prefMapHandle 3980 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {c194457a-1de4-471b-bc7d-9e5be5e51ecc} 624 tab

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="624.6.245837364\395484117" -childID 6 -isForBrowser -prefsHandle 4232 -prefMapHandle 4236 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {46518d52-7547-4491-9cc7-2f12e728cf3e} 624 tab

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="624.7.1704499183\1711445098" -childID 7 -isForBrowser -prefsHandle 3824 -prefMapHandle 4432 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {c94d597c-dedc-4ec1-8fdc-0a52bdeb77ae} 624 tab

C:\Users\Admin\AppData\Local\Temp\_MEI40282\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI40282\geckodriver.exe --port 50572 --websocket-port 50573

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50573 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelbpBzG

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50573 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelbpBzG

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="3316.0.939953801\2099962469" -parentBuildID 20240416150000 -prefsHandle 1684 -prefMapHandle 1676 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {a3de68a2-ba6b-4e39-8e15-4f0821782066} 3316 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="3316.1.469785948\153542292" -childID 1 -isForBrowser -prefsHandle 2680 -prefMapHandle 2676 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {f9480f0c-9625-4912-bf9e-0bf20197b1e6} 3316 tab

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="3316.2.1536820860\746857780" -childID 2 -isForBrowser -prefsHandle 3204 -prefMapHandle 3200 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {9cf530c5-6e67-4afd-9ec7-05fc7424ee6b} 3316 tab

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="3316.3.1643390711\2104817838" -childID 3 -isForBrowser -prefsHandle 3748 -prefMapHandle 3752 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {24024f7d-8e20-4c23-b8aa-031b30d8e13a} 3316 tab

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="3316.4.1141331418\883479436" -childID 4 -isForBrowser -prefsHandle 3912 -prefMapHandle 3916 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {28dcad31-2484-471d-bd40-287cd972628b} 3316 tab

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="3316.5.764552542\319048521" -childID 5 -isForBrowser -prefsHandle 3836 -prefMapHandle 3832 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {77e0654a-66eb-447f-a49f-ad76ff3ade45} 3316 tab

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe" -contentproc --channel="3316.6.1622790649\537933885" -childID 6 -isForBrowser -prefsHandle 4224 -prefMapHandle 4220 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\browser" - {c7201a76-856f-4d06-a68b-4d4bdbdddf7c} 3316 tab

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
BE 2.17.196.177:443 www.bing.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 177.196.17.2.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
BE 2.17.196.177:443 www.bing.com tcp
DE 79.143.177.192:443 tcp
US 8.8.8.8:53 192.177.143.79.in-addr.arpa udp
DE 94.16.123.171:9001 tcp
FR 45.145.166.104:9000 tcp
US 8.8.8.8:53 171.123.16.94.in-addr.arpa udp
US 8.8.8.8:53 104.166.145.45.in-addr.arpa udp
N/A 127.0.0.1:50675 tcp
N/A 127.0.0.1:50677 tcp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 139.53.16.96.in-addr.arpa udp
N/A 127.0.0.1:50572 tcp
N/A 127.0.0.1:50572 tcp
N/A 127.0.0.1:50780 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50788 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50572 tcp
N/A 127.0.0.1:50572 tcp
N/A 127.0.0.1:50572 tcp
N/A 127.0.0.1:51158 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:51166 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50572 tcp
N/A 127.0.0.1:50572 tcp
N/A 127.0.0.1:50572 tcp
N/A 127.0.0.1:51530 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:51538 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50572 tcp
N/A 127.0.0.1:50572 tcp
N/A 127.0.0.1:50572 tcp
N/A 127.0.0.1:51839 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:51847 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
US 8.8.8.8:53 94.65.42.20.in-addr.arpa udp
N/A 127.0.0.1:50572 tcp
N/A 127.0.0.1:50572 tcp
N/A 127.0.0.1:50572 tcp
N/A 127.0.0.1:52190 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:52198 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50572 tcp
N/A 127.0.0.1:50572 tcp
N/A 127.0.0.1:50572 tcp
N/A 127.0.0.1:52535 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:52543 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:50572 tcp
N/A 127.0.0.1:50572 tcp
N/A 127.0.0.1:50572 tcp
N/A 127.0.0.1:52847 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:52855 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI40282\python38.dll

MD5 26ba25d468a778d37f1a24f4514d9814
SHA1 b64fe169690557656ede3ae50d3c5a197fea6013
SHA256 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128
SHA512 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

C:\Users\Admin\AppData\Local\Temp\_MEI40282\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\_MEI40282\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

C:\Users\Admin\AppData\Local\Temp\_MEI40282\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Local\Temp\_MEI40282\top-1m.csv

MD5 ba0857be5e9736dde1f5cc44edd5d21b
SHA1 b130759907909cc97bfe0d9a1fd65b8942c931aa
SHA256 7800cdef850c31931b2b520a42f858c4feb5ca86d6b3789e6173a02e909595ca
SHA512 08446902bc588e323b8fc551502ff869be6c2bb64f788d1bebfcc30a04c3e589b0616e84fc55de3d81d7b19b26e690024a442e6a27096808bc613bcecf3f6db4

C:\Users\Admin\AppData\Local\Temp\_MEI40282\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

C:\Users\Admin\AppData\Local\Temp\_MEI40282\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

C:\Users\Admin\AppData\Local\Temp\_MEI40282\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

C:\Users\Admin\AppData\Local\Temp\_MEI40282\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

C:\Users\Admin\AppData\Local\Temp\_MEI40282\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

C:\Users\Admin\AppData\Local\Temp\_MEI40282\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

C:\Users\Admin\AppData\Local\Temp\_MEI40282\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 47539d0337e97e22a728afc2638d461f
SHA1 d97b37079543b33b9b605c787945f809aed66fd6
SHA256 262e52c5bbaa9bcd2dfcb4cf7da83a1efa95ebd0299f82031ad31a6ab19405a5
SHA512 3810ebe80173d41785a42459fc5c4a8a31e56294f2c03fe99416925a34d242b88023565057201c9b6dcbdb97c8396d8305a723c0e31bb5b560b031b299672d4a

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\tmpdtwdjw4n\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI40282\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI40282\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI40282\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI40282\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI40282\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI40282\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI40282\geckodriver.exe

MD5 f60c542253cbe94f762e15c7b064b55d
SHA1 7a32f034217266db6d799893edc976e891a82944
SHA256 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa
SHA512 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca

C:\Users\Admin\AppData\Local\Temp\_MEI40282\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

C:\Users\Admin\AppData\Local\Temp\_MEI40282\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

C:\Users\Admin\AppData\Local\Temp\_MEI40282\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 80e882ce8268212cf4db9fbe44f95336
SHA1 85abc152168a20d8db2c6501aa43a97ea72efc8c
SHA256 32c7fa19bdf922f35368bbda1fd91b30fae89f7e8615c8224901e4e3454ee937
SHA512 eb6fc2086c0c5b1e2207c675e49713961246559ade42f65f5e1d51e6139e503eacceaa57542664f7161dc320df0403d90bc85e499aa2d0f09c4a3d4236920cd5

C:\Users\Admin\AppData\Local\Temp\_MEI40282\Tor Browser\Browser\firefox.exe

MD5 65aa9b0f57d72e4d70e9226322221adc
SHA1 85fec174d0977afd8c0100c9d9b53c958e1949bf
SHA256 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410
SHA512 f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

memory/1304-492-0x00007FFA6B1B0000-0x00007FFA6B1B1000-memory.dmp

memory/1304-491-0x00007FFA6A1C0000-0x00007FFA6A1C1000-memory.dmp

memory/3640-522-0x000001A6597E0000-0x000001A65984B000-memory.dmp

memory/4656-545-0x0000020A56AE0000-0x0000020A56AF0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileTcf3HU\extensions.json.tmp

MD5 f1e9efece63a1af13bb4c071f735316d
SHA1 eb81dced3465ec6d2fc7b04637c1b863cc1c8656
SHA256 0245899c3de106ca532b2c18dfc9790b7445bc17dc7532ab55e08d788396bca6
SHA512 b8761a9880d63dba788655f8c05759d04d2a5fae5f72c4994fd905a9fce52d4c93af636438be4b8b6225415134ec80c3e6236e73bbd92d1edf08c6ea5ce7f8cb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileTcf3HU\prefs.js

MD5 9c48bf4654e159e53cd97c89030e8619
SHA1 cf0cf4e2b55e3dfe525d2f62cd8d218bf08f530c
SHA256 037b8f361b7bbdd59c1123c77f196a44dc99b43fd9f038bae495e8bb62d179bc
SHA512 4c3fa50d49a445fe8012491adf4ab869e53cd8dff7341e690b1d2be1d33089e2b73ee7fa3439e8e2ae7276026e4019aac2311f3975b1dcb253c4ad6eca383a89

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 089c4540bfb6ba6ff5e865dacda2fc1e
SHA1 8cb70bc1b7733e925b8fbb6a6ce51423a436e096
SHA256 ae75543c343ae6239e2fc8959dc07b96cb55e5a275b91f4093ea731f99563eb5
SHA512 e753b17d9ce0f14b8adaf6d59e7303959175b25c31769128e8c38dc04afa3164cb53999bdf94253b0f395677e87ff7170ea90f57636bf1aac029593f29f7c39c

memory/3164-613-0x0000026EB7CA0000-0x0000026EB7D0B000-memory.dmp

memory/1304-612-0x000001F849380000-0x000001F8493EB000-memory.dmp

memory/4656-611-0x0000020A4AE30000-0x0000020A4AFA0000-memory.dmp

memory/2148-628-0x0000024DEAB00000-0x0000024DEAB6B000-memory.dmp

memory/3536-627-0x0000028C0F700000-0x0000028C0F76B000-memory.dmp

memory/4964-626-0x000001A0B4720000-0x000001A0B478B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileTcf3HU\prefs.js

MD5 120ec841c9c91d349ff7741f3725b8cc
SHA1 e73130d8de6d075926102205204f41ff7c9391d7
SHA256 ecd3d505f848dddf851f8b0e00e3a06eb62969d512026ab5807f061189fd17e6
SHA512 92eb6b5e42c6132c93e7d7077dad9c1a6a833a68570c70fbd522f9033383fec5d97df5e82cb0fc3f39e56a2bb2e9ad718caa064e742e48bb166ced256e72ba33

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileTcf3HU\prefs-1.js

MD5 60132019a4bb0948d80904ed00b0d0e4
SHA1 688b3d3e13be2e7305315292bc79e535695ac004
SHA256 3cc2c3f37e7a08a7cf3e5ebedecc590d1b51679cc7d75ad2fb0c5be860e65aa6
SHA512 bcb2d1e4e3cb16114d9b3768db2dc12e03bc3977a06f064f7cd615619390b9bc520b844f80dd493f5cd7b40dfb5e7225cb66501eb1c8eb3e9679729c18adf495

memory/3864-667-0x000001E51B230000-0x000001E51B29B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileTcf3HU\prefs-1.js

MD5 febd0789560dc953a566bec2715f3104
SHA1 b1cfe47cd78478a87b101f63316bb15c511c2f3f
SHA256 47d78f58fe87732222b03ec7373b19d8cb9b69999fe6fd5fe8a73a98c0f292fa
SHA512 ab747a8aa88419ba9e020cfe2bdbfea39cd5f1bf3992e40c696be52f52b2db3bb043a71f2bccc12f46d193514ac12b16fed91e70790db3701c18a7f1067b2202

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewFdkjO\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewFdkjO\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

memory/1304-859-0x0000025E57550000-0x0000025E575BB000-memory.dmp

memory/764-882-0x000001BCDD8E0000-0x000001BCDD8F0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewFdkjO\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewFdkjO\startupCache\webext.sc.lz4

MD5 ad70c39d13a0c42ceade33b627e1ebe7
SHA1 40e6980874d6ae15f883eaf463c9b917a92ad14e
SHA256 a4df7b8f6d6c83b4b42d7cd732560132dfdd453d53fab65144a6fdeec6da8c62
SHA512 278407a7c71fa31ed6ad25c6a7b8fe94e9fc00727f487f43218dc5dfb2ebda402912e1c9846a0b2b28e565bf3a61ac5586e820c0873d31ae68f9e86360504349

memory/3500-959-0x000002D6AD340000-0x000002D6AD3AB000-memory.dmp

memory/2832-958-0x0000013123AA0000-0x0000013123B0B000-memory.dmp

memory/424-957-0x000001A99F930000-0x000001A99F99B000-memory.dmp

memory/3640-956-0x0000024482830000-0x000002448289B000-memory.dmp

memory/4524-955-0x000001809FCA0000-0x000001809FD0B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewFdkjO\prefs-1.js

MD5 d0df7cd2b1d8e50f2cdb6b670efb56b7
SHA1 6898fcf0833234080234bf88c4f6165210062056
SHA256 21261de8df271d9c96c0d6fdbb68ce81c5451fa3837d46f5c6387c750275145f
SHA512 b924d1c2d0f51bd427061d2b69951fb2d25a359a074f3b5ebf328d108c1a6abd91c3c634c3d0c92d72491adf37d244b7a55fb34064dede7ca16ed1e21762c2d2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewFdkjO\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewFdkjO\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewFdkjO\sessionCheckpoints.json.tmp

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewFdkjO\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileAmrsFV\user.js

MD5 fabecc1f2f9211cfb2669b19d504faba
SHA1 b94e1452a320e49e7e6c48c4cb8c7a1fe3ae1a9c
SHA256 41aeb5c7bd40f1fbe0edc80a05d5099a0abe8f356291500e1044cf72a81b722a
SHA512 98b2ae8057364021b63eedfe29eb3134a4b1f767b76508e4e7c4b39855b4e8eb0dc8934077e3c1152ada1bcce001674bc9e5bb1bd1f91252e8b3165d0babdbd4

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileAmrsFV\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileAmrsFV\sessionCheckpoints.json.tmp

MD5 29ce37dc02c78bbe2e5284d350fae004
SHA1 bab97d5908ea6592aef6b46cee1ded6f34693fa2
SHA256 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693
SHA512 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileAmrsFV\prefs-1.js

MD5 8a99a87a2532aef0a623124c9e97bbca
SHA1 d33008783f69d653a55fea26f6d223ecb7b3d101
SHA256 586b570007f2e9d15558357f7f0c34d513b90686a20dff71509c0a347125d588
SHA512 232bf5bb9f0427fe50714d483a410f354e302e1e81e3a18413ae890b9e4baa11f5909c00535900a299f5d1723b1e1a8ceef26e1d4748cb131eb2bc1a89f92741

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileyo2cxg\datareporting\glean\db\data.safe.tmp

MD5 63b1bb87284efe954e1c3ae390e7ee44
SHA1 75b297779e1e2a8009276dd8df4507eb57e4e179
SHA256 b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a
SHA512 f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileyo2cxg\datareporting\glean\db\data.safe.tmp

MD5 1c3c58f7838dde7f753614d170f110fc
SHA1 c17e5a486cecaddd6ced7217d298306850a87f48
SHA256 81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d
SHA512 9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileyo2cxg\prefs-1.js

MD5 5cf67f1f8177c2b88c154b7ca5d97530
SHA1 2ef19a1845b5aa1e184de0052bb45950354ce44e
SHA256 045ff4505fc29e36ad3aa314ac425891030f3c56e19aa1fcb36afbededfe6561
SHA512 6a0c7e0f7eb42e4e628d4b7194c09da0c26a8d98be23273fe5eb873b31675e7bfbc090575523d01ae8f897e189d3cac101703dd60fdd0d5c6a8a86cad6cadb93

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileyo2cxg\prefs-1.js

MD5 25ab9957a423274c0f74a9790c5be9d0
SHA1 5cde1e223f2a0f0b2c78dc5eac354829cf211725
SHA256 3b3b4fb5e5b1005bf52c8240fd8a82c26ccaf694efd64813cf1e99af17261d29
SHA512 62116fec302ef9493eb7d6a6634e0067479aed8816050e0fec90ac09bc1aea11381e4495cddf86791c795ce765dd82fb75066511cadb9b5e76114dd8f79fe551

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilevm4GkP\compatibility.ini

MD5 5b2f5f30b2edda498fd46f856b46e935
SHA1 18f75b0cc1873e91e0abcf4fa03cec46b257cb9a
SHA256 710cc5b54003fedec95bf1627b6ff56c69459c2649b05725a6c89f7e19df5a8c
SHA512 432da38fc7271470738f0961a6fdbfeb020a493c8093f542e78ddbd59f2642a19074612fd0a1ddd5927be8316e7ef682489654b64067585f853bcfa214fa2967

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilevm4GkP\WebDriverBiDiServer.json

MD5 7d51f7d29865a572a36027c41bde571b
SHA1 1960b9ff6d321eb719171c8154b2fbbe2f004900
SHA256 384faba7eed560c62dc7bd140a22c225f74e88b18aa5852ef93144bf4935be85
SHA512 ea12a842d65ed8c6b073a5c5a566a3cbdb19d1a4a0c27ee479d0200630d41cccda973f9b7fa411d4df3b0d9c5a5348c421549d2ce57ad459b5aae329f94f4217

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilevm4GkP\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 dfaa6a9af55ae85fe1c7b6d4e1c9556a
SHA1 4b40b2c3e983c01f58c51805b73c73b1b9590eef
SHA256 68633ab0841f852960fec07545b8176bb9831fb17b7d06c3522f4164ea720081
SHA512 8cc05f011057cfe291439c0cde538509c752e6bb520ec56f3023a12ed4238417a3e1f996bb2cc639418d891a1b822d8f132ce42a45e2cc11d194ba1c80f0fc8f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilevm4GkP\prefs-1.js

MD5 b8361282ca04128f3afacba411379806
SHA1 adadb17aee0b970030fb789db5499c209eddaa99
SHA256 1dd948160c9d8504ab8715962ab03a7dc1b3eba0413d1ea6a73fa3fd29814eb9
SHA512 6c05a3e59f7059cf1aafc24e855e2c507df6030c02cbb8aebfcf73ad66bf334c5ffeba42aafb65c1b5ddcf854f2c564f2a96632fcb88fdcadc3edb882735bc9e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilevm4GkP\prefs-1.js

MD5 1a2c636f4f1f5d13e98305e698841d6a
SHA1 8c74e6aa2a2f6a87b9c0518dfb57dbdf3a057902
SHA256 133043543a4b642ec6159ee47c2701e852fb093175eca6947020a46f9f439cac
SHA512 b95b6eb8dc6324bd92b1531cd8a84592c3a4537b525e90aa0c5c900a5d10503ca30e21aecccb2c79c2c7b2d133ac48e8d8d355d05c0ffbb7b80f331f74bb5b8e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilevm4GkP\storage-sync-v2.sqlite

MD5 bff4d6361e4126d963ab7dffdc7550ce
SHA1 e2660c2f00b0aef4a81972c6a6093935d5aa40d5
SHA256 ad0828e5ff9d4188151772cd9af85827a431d122901486590c5734b62b4af2d2
SHA512 8d967c085d343d50a76cf14e88ed2fb742a7195034ddbaacd57d2c47abf0218a5f6878528a8f37c8f3b61496f61b5e254d205003af87a3cf156ba12ea59f65bc

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilevm4GkP\content-prefs.sqlite

MD5 b15425d1f21f5708184e35493e63c8a1
SHA1 e944c1fdf56a3f6a5150b77980e89d48c7b57be2
SHA256 7a9012d1846763fe9dcb059035972a023ec29f2b9c03f865f0a6f6df6ef2a6c0
SHA512 6b54e30e0a060261bdac98ef818d1053fbabf0d6b8a17efc729942729ed6e6dddb29063b079ddb1dcd1b4edfc85a0311cf821b4b3291372c834a00733456423f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenPu1bd\prefs-1.js

MD5 a210f67d7c3e778135c55010a280dae0
SHA1 cf3cac625d3bde36cc192fd7c4fe6aa6762c6a53
SHA256 febed27835796817cbc6f73deac6e1a256816e0e96cac30962677c5057728d6f
SHA512 f835e7123462fa0363a87c66ae79d01dcd07255dc2045e590ffccb6a7792875663315fac131e290f6fe0d755b38281b92908d0a7d09ae3b78f09d2085276963b

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenPu1bd\prefs-1.js

MD5 494f963190863460b806ef0c303fe1b7
SHA1 1682aeca4c6212d03f88919e3100a65c543293f2
SHA256 17d2406c0554226b33d205e92c2765e6fc79c037b94f01be707c09b5b98b0653
SHA512 567f6f717b43013895e47036048e08e75be9a051333e319406eaf7503f982f9ab3fb797e71451bc52bd4c0e81c71863bd9f59ba685919d6ce7a5fe3c94057f21

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelbpBzG\prefs-1.js

MD5 a6961b73de7c91ba0faed08c457184c2
SHA1 c189251e8faef2d2dc61efd00b7285e8904f2a19
SHA256 cc2e94657d32ca8fef5afe0510821eed43f088b4eb3ee174ac0405208ae709de
SHA512 397a87c8319f59ffbfc3d242f13c0645366c43ec5a704379ecdd5ecaa7cbaa3c6bb67d6f347271b438693c261a73e919207c470e7ded933a700bc3fee46ca54c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilelbpBzG\prefs-1.js

MD5 bf2e8106c7e6d91fa40770304fc7709f
SHA1 f3f6a8d5d11cdcd6490cafee2e2c340560d6a2b8
SHA256 1c37c1ed6c47bc9dd3ac98cecbf7c26c9906f7ba1c520416f60ed5b9288b72c3
SHA512 96ef04d91be491d9fa28bf075edb730d654682ce9fb0753dc9b76856219ec1cb72b4f1ff0f0308e10a284a01f6752d95eb141637b81a4a27e4ced02cdbd16e21

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-09 01:55

Reported

2024-05-09 02:07

Platform

win11-20240508-en

Max time kernel

292s

Max time network

313s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4360 wrote to memory of 5092 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 4360 wrote to memory of 5092 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 5092 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 5092 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 5092 wrote to memory of 3380 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 5092 wrote to memory of 3380 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 4776 wrote to memory of 4028 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 4776 wrote to memory of 4028 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 5092 wrote to memory of 2664 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\geckodriver.exe
PID 5092 wrote to memory of 2664 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\geckodriver.exe
PID 2664 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe
PID 2664 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe
PID 876 wrote to memory of 3728 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe
PID 876 wrote to memory of 3728 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe
PID 876 wrote to memory of 3728 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe
PID 876 wrote to memory of 3728 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe
PID 876 wrote to memory of 3728 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe
PID 876 wrote to memory of 3728 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe
PID 876 wrote to memory of 3728 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe
PID 876 wrote to memory of 3728 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe
PID 876 wrote to memory of 3728 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe
PID 876 wrote to memory of 3728 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe
PID 876 wrote to memory of 3728 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe
PID 3728 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe
PID 3728 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe
PID 3728 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe
PID 3728 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe
PID 3728 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe
PID 3728 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe
PID 3728 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe
PID 3728 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe
PID 3728 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe
PID 3728 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe
PID 3728 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe
PID 3728 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe
PID 3728 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe
PID 3728 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe
PID 3728 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe
PID 3728 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe
PID 3728 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe
PID 3728 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe
PID 3728 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe
PID 3728 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe
PID 3728 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe
PID 3728 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe
PID 3728 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe
PID 3728 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe
PID 3728 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe
PID 3728 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe
PID 3728 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe
PID 3728 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe
PID 3728 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe
PID 3728 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe
PID 3728 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe
PID 3728 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe
PID 3728 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe
PID 3728 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe
PID 3728 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe
PID 3728 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe
PID 3728 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe
PID 3728 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe
PID 3728 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe
PID 3728 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe
PID 3728 wrote to memory of 1476 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI43602\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI43602\geckodriver.exe --port 50007 --websocket-port 50008

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50008 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezRDp7f

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50008 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezRDp7f

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe" -contentproc --channel="3728.0.755249550\1418699008" -parentBuildID 20240416150000 -prefsHandle 1716 -prefMapHandle 1708 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\browser" - {53a45ec9-bab9-4a47-a195-541ad5e052b0} 3728 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe" -contentproc --channel="3728.1.1252845890\1314268615" -childID 1 -isForBrowser -prefsHandle 2772 -prefMapHandle 2920 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1212 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\browser" - {f80c31f5-5e0f-42ea-a3b0-4ccb822212a9} 3728 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe" -contentproc --channel="3728.2.1548255528\1949663878" -childID 2 -isForBrowser -prefsHandle 3064 -prefMapHandle 3060 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1212 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\browser" - {c4a8f4a3-d3f4-4f0f-939f-11afee75247e} 3728 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe" -contentproc --channel="3728.3.252289992\974522577" -childID 3 -isForBrowser -prefsHandle 3500 -prefMapHandle 3496 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1212 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\browser" - {02002b2e-6169-44f0-87b5-90d563058877} 3728 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe" -contentproc --channel="3728.4.296103671\132645904" -childID 4 -isForBrowser -prefsHandle 3876 -prefMapHandle 3872 -prefsLen 25287 -prefMapSize 245849 -jsInitHandle 1212 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\browser" - {4dcebdd3-5ed4-44c7-93ed-cc5f842c9840} 3728 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe" -contentproc --channel="3728.5.877422484\128883263" -childID 5 -isForBrowser -prefsHandle 4024 -prefMapHandle 4028 -prefsLen 25287 -prefMapSize 245849 -jsInitHandle 1212 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\browser" - {c30af2ff-05c0-4b4f-b2f1-58f44c6cc33a} 3728 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe" -contentproc --channel="3728.6.1145460404\320598485" -childID 6 -isForBrowser -prefsHandle 3888 -prefMapHandle 4220 -prefsLen 25287 -prefMapSize 245849 -jsInitHandle 1212 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\browser" - {e8bf83e9-5bc7-4120-8007-22c2b4a7b543} 3728 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43602\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI43602\geckodriver.exe --port 50007 --websocket-port 50008

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50008 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegJXsba

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50008 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegJXsba

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe" -contentproc --channel="1156.0.438030194\886037302" -parentBuildID 20240416150000 -prefsHandle 1688 -prefMapHandle 1668 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\browser" - {02f560a2-6ff0-4dda-97aa-7551b4fa3607} 1156 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe" -contentproc --channel="1156.1.467562767\1041249774" -childID 1 -isForBrowser -prefsHandle 2748 -prefMapHandle 2864 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\browser" - {9312c14c-d9c3-43f8-8b87-7ed1cbb5dd5d} 1156 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe" -contentproc --channel="1156.2.722013980\624095240" -childID 2 -isForBrowser -prefsHandle 3076 -prefMapHandle 3068 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\browser" - {b35a5a57-c96a-4091-9c8b-5bb820f4e6b1} 1156 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe" -contentproc --channel="1156.3.875088752\886125336" -childID 3 -isForBrowser -prefsHandle 3640 -prefMapHandle 3644 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\browser" - {3fff8ac2-3c4a-41ac-9e8f-3f3067f4a280} 1156 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe" -contentproc --channel="1156.4.1226566635\1002708347" -childID 4 -isForBrowser -prefsHandle 3780 -prefMapHandle 3772 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\browser" - {4f2f3f1f-757b-4275-a3fb-6dd3f937ebfc} 1156 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe" -contentproc --channel="1156.5.791212001\757831930" -childID 5 -isForBrowser -prefsHandle 4004 -prefMapHandle 4000 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\browser" - {f983103e-79c1-4731-97c2-4f2f040e2768} 1156 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe" -contentproc --channel="1156.6.2044080078\117145394" -childID 6 -isForBrowser -prefsHandle 4152 -prefMapHandle 4156 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\browser" - {b471b4c8-ddb8-41e9-a64c-d92246f78f6d} 1156 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43602\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI43602\geckodriver.exe --port 50007 --websocket-port 50008

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50008 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileA7w0nW

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50008 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileA7w0nW

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe" -contentproc --channel="1476.0.519640982\801093847" -parentBuildID 20240416150000 -prefsHandle 1716 -prefMapHandle 1688 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\browser" - {9a51218e-0a94-4975-8a1e-5aff0d3d1fca} 1476 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe" -contentproc --channel="1476.1.1836230504\885820791" -childID 1 -isForBrowser -prefsHandle 2724 -prefMapHandle 2752 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\browser" - {b49bc053-4e2f-479f-88eb-3b16f08b4dce} 1476 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe" -contentproc --channel="1476.2.1486441088\2060383083" -childID 2 -isForBrowser -prefsHandle 3124 -prefMapHandle 3120 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\browser" - {3e6cf6a2-77b3-4604-ad11-03267683d5d7} 1476 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe" -contentproc --channel="1476.3.1635090293\386556948" -childID 3 -isForBrowser -prefsHandle 3216 -prefMapHandle 3220 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\browser" - {33901e46-e9cc-4c55-a0ce-ed553e16ac09} 1476 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe" -contentproc --channel="1476.4.1725226433\746711948" -childID 4 -isForBrowser -prefsHandle 3804 -prefMapHandle 3808 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\browser" - {25375e39-2a0b-422e-b8b5-d520e0da06d5} 1476 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe" -contentproc --channel="1476.5.1644598532\1668996702" -childID 5 -isForBrowser -prefsHandle 3880 -prefMapHandle 1528 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\browser" - {74135c48-4976-4164-be98-89a008e1ffbd} 1476 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe" -contentproc --channel="1476.6.10819026\1808077527" -childID 6 -isForBrowser -prefsHandle 4048 -prefMapHandle 4052 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\browser" - {84cc20b9-e4b1-4094-8f61-fb3bc1991da1} 1476 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43602\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI43602\geckodriver.exe --port 50007 --websocket-port 50008

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50008 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilee8GbWI

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50008 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilee8GbWI

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe" -contentproc --channel="2488.0.1178979146\540921346" -parentBuildID 20240416150000 -prefsHandle 1700 -prefMapHandle 1676 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\browser" - {c02b949b-3425-4b53-9c51-7c70d59e8c5a} 2488 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe" -contentproc --channel="2488.1.1015964627\603491849" -childID 1 -isForBrowser -prefsHandle 2404 -prefMapHandle 2536 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\browser" - {94050e66-285b-4375-88bb-3123fa0e1c30} 2488 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe" -contentproc --channel="2488.2.1542815516\1376975603" -childID 2 -isForBrowser -prefsHandle 2288 -prefMapHandle 2972 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\browser" - {027be498-8478-4a8a-8947-d3ef5c400f0b} 2488 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe" -contentproc --channel="2488.3.735321581\1857647929" -childID 3 -isForBrowser -prefsHandle 3180 -prefMapHandle 3196 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\browser" - {43927946-d6f8-435f-b353-6a8a5516e633} 2488 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe" -contentproc --channel="2488.4.689363294\882163208" -childID 4 -isForBrowser -prefsHandle 3928 -prefMapHandle 3924 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\browser" - {67ea7605-14ee-4b78-a4ab-24f017d751b9} 2488 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe" -contentproc --channel="2488.5.700103423\303851967" -childID 5 -isForBrowser -prefsHandle 3256 -prefMapHandle 3376 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\browser" - {db936094-5d9f-4869-8635-755c8c9ded23} 2488 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe" -contentproc --channel="2488.6.655315107\1533239198" -childID 6 -isForBrowser -prefsHandle 4140 -prefMapHandle 4144 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\browser" - {88bb2b0d-b523-40c7-b1b4-c7aa43515c1f} 2488 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe" -contentproc --channel="2488.7.1082713291\415747632" -childID 7 -isForBrowser -prefsHandle 4092 -prefMapHandle 4168 -prefsLen 25367 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\browser" - {7094ca0b-bae6-429f-8430-06f7abe28420} 2488 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe" -contentproc --channel="2488.8.1140478422\692395888" -parentBuildID 20240416150000 -prefsHandle 4176 -prefMapHandle 1440 -prefsLen 27675 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\browser" - {9ebd4c11-436e-49fc-9583-6df4598e3ddf} 2488 rdd

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe" -contentproc --channel="2488.9.1403852479\1652551279" -parentBuildID 20240416150000 -sandboxingKind 1 -prefsHandle 2676 -prefMapHandle 2884 -prefsLen 27675 -prefMapSize 245849 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\browser" - {f7aa1099-8bb0-4489-961e-52f6a4659469} 2488 utility

Network

Country Destination Domain Proto
TR 5.252.74.238:443 tcp
US 8.8.8.8:53 238.74.252.5.in-addr.arpa udp
N/A 127.0.0.1:50111 tcp
N/A 127.0.0.1:50113 tcp
N/A 127.0.0.1:50007 tcp
FR 188.165.26.13:9000 tcp
US 131.153.152.146:443 tcp
US 8.8.8.8:53 146.152.153.131.in-addr.arpa udp
N/A 127.0.0.1:50007 tcp
N/A 127.0.0.1:50216 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50224 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50007 tcp
N/A 127.0.0.1:50007 tcp
N/A 127.0.0.1:50007 tcp
N/A 127.0.0.1:50530 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50538 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50007 tcp
N/A 127.0.0.1:50007 tcp
N/A 127.0.0.1:50007 tcp
N/A 127.0.0.1:50815 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50823 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50007 tcp
US 52.111.227.14:443 tcp
N/A 127.0.0.1:50007 tcp
N/A 127.0.0.1:50007 tcp
N/A 127.0.0.1:51116 tcp
N/A 127.0.0.1:51124 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI43602\python38.dll

MD5 26ba25d468a778d37f1a24f4514d9814
SHA1 b64fe169690557656ede3ae50d3c5a197fea6013
SHA256 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128
SHA512 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

C:\Users\Admin\AppData\Local\Temp\_MEI43602\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\_MEI43602\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

C:\Users\Admin\AppData\Local\Temp\_MEI43602\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

C:\Users\Admin\AppData\Local\Temp\_MEI43602\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Local\Temp\_MEI43602\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

C:\Users\Admin\AppData\Local\Temp\_MEI43602\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

C:\Users\Admin\AppData\Local\Temp\_MEI43602\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

C:\Users\Admin\AppData\Local\Temp\_MEI43602\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

C:\Users\Admin\AppData\Local\Temp\_MEI43602\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

C:\Users\Admin\AppData\Local\Temp\_MEI43602\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

C:\Users\Admin\AppData\Local\Temp\_MEI43602\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI43602\top-1m.csv

MD5 ba0857be5e9736dde1f5cc44edd5d21b
SHA1 b130759907909cc97bfe0d9a1fd65b8942c931aa
SHA256 7800cdef850c31931b2b520a42f858c4feb5ca86d6b3789e6173a02e909595ca
SHA512 08446902bc588e323b8fc551502ff869be6c2bb64f788d1bebfcc30a04c3e589b0616e84fc55de3d81d7b19b26e690024a442e6a27096808bc613bcecf3f6db4

C:\Users\Admin\AppData\Local\Temp\_MEI43602\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

C:\Users\Admin\AppData\Local\Temp\_MEI43602\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI43602\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI43602\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 47539d0337e97e22a728afc2638d461f
SHA1 d97b37079543b33b9b605c787945f809aed66fd6
SHA256 262e52c5bbaa9bcd2dfcb4cf7da83a1efa95ebd0299f82031ad31a6ab19405a5
SHA512 3810ebe80173d41785a42459fc5c4a8a31e56294f2c03fe99416925a34d242b88023565057201c9b6dcbdb97c8396d8305a723c0e31bb5b560b031b299672d4a

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\tmpsdina05s\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI43602\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

C:\Users\Admin\AppData\Local\Temp\_MEI43602\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI43602\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI43602\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI43602\geckodriver.exe

MD5 f60c542253cbe94f762e15c7b064b55d
SHA1 7a32f034217266db6d799893edc976e891a82944
SHA256 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa
SHA512 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus

MD5 80e882ce8268212cf4db9fbe44f95336
SHA1 85abc152168a20d8db2c6501aa43a97ea72efc8c
SHA256 32c7fa19bdf922f35368bbda1fd91b30fae89f7e8615c8224901e4e3454ee937
SHA512 eb6fc2086c0c5b1e2207c675e49713961246559ade42f65f5e1d51e6139e503eacceaa57542664f7161dc320df0403d90bc85e499aa2d0f09c4a3d4236920cd5

C:\Users\Admin\AppData\Local\Temp\_MEI43602\Tor Browser\Browser\firefox.exe

MD5 65aa9b0f57d72e4d70e9226322221adc
SHA1 85fec174d0977afd8c0100c9d9b53c958e1949bf
SHA256 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410
SHA512 f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

memory/4708-494-0x00007FFE298D0000-0x00007FFE298D1000-memory.dmp

memory/4708-493-0x00007FFE29D50000-0x00007FFE29D51000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezRDp7f\prefs.js

MD5 97c9cc54995dd15e60f0c9600df2ad65
SHA1 56999166c983e371e71ac03ee0080daf99f93f75
SHA256 0846e3eb45ffef259529b8815b3735b5661e0c76fac16fab99b76a93827f64ca
SHA512 c7ad8fab9fe6e256e4ba3eeb38b8d89662730b35460caa51f0cebcd01128f0b5a9ae28b67da24475209dd5fb2d90f3da48393d75c174e90bc6fbe24e5df65dda

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezRDp7f\extensions.json

MD5 432e08c11c7c26417a3d2f2dffd75df4
SHA1 05300cbd90f01e04155e21e42ad85188002182b5
SHA256 7119403aac3e30433f9440af1393f3eb313f51a99a8a10e7508eb7f7252473f4
SHA512 dec775afb859b3fd106ed4b902b99829749d61a6f06c85598a30ec4cb48f9f386286ec4f33087be6e6eae70d363fe4f545eb39bf0e68a89266efebcadaa4057c

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 e065714ac139ebe78883c99ece50ac21
SHA1 9ed361bc2d1680a1b4a19c56b7c1ec6b1784e4c6
SHA256 a0c2197840066e2007ea947813ff64f1d200d46fe5717117d563cfb0b0e863ea
SHA512 0f791510b633ad438075a69a88a57ebf9f0d086c49f89320b260998381bf21d3dd5f095468295977181bc77c1b46bdf17b65a60aaf4b311c0f2510d60557e9a0

memory/3728-568-0x000001D0E6F30000-0x000001D0E6F40000-memory.dmp

memory/3728-605-0x000001D0DBA50000-0x000001D0DBBC0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezRDp7f\prefs-1.js

MD5 7af3b1761a1df2750bcaacee29355366
SHA1 f742be3c5e29385757b8c6bc5d4fab3ae83901ba
SHA256 83fccc0caa72c309b2b7680b2a31c8691e7dba72b548b0d34127f53b5b508049
SHA512 0331a4e88076a6a48f89dfd29946b447264b265f29ab86d9c8a42318fd0e2aa3f43e4ed683cccb74b02b24e796e46d57d9ca911ddc98cdfc4f4383016bd9bcf6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegJXsba\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegJXsba\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegJXsba\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegJXsba\startupCache\webext.sc.lz4

MD5 829ad1e2a31213908c620602bd5e35c2
SHA1 8802af91507d12db2db3ef37d13b19402f4e2c46
SHA256 deb76e1fd4a56175267a860cda38c740a2c81db15a3308c070adc3d7a32d8f42
SHA512 3fa0da3d3d339dab80444092c07030e6bdde512a3fb422eadb88b61ec7ba19e28e3fd1ee40250a5d897ced06706ac396a97feae22bf76b13ccff7e037a7ef94c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegJXsba\datareporting\glean\db\data.safe.tmp

MD5 c58234a092f9d899f0a623e28a4ab9db
SHA1 7398261b70453661c8b84df12e2bde7cbc07474b
SHA256 eaec709a98b57cd9c054a205f9bfa76c7424db2845c077822804f31e16ac134c
SHA512 ae2724fc45a8d9d26e43d86bcc7e20f398d8ab4e251e89550087ace1311c4d2571392f2f0bed78da211fcb28766779c1853b80742faa69f722b2c44c283569fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegJXsba\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegJXsba\prefs-1.js

MD5 2ef97bbeff841acf3f48ef4c0eef54ba
SHA1 f2f24f0d3960f5c82f1fffe25f0963f45a3ccb6a
SHA256 ac3eba99ee5003f8647574dd03fef8905d765ed9229a5fe47d6d48ef9d3f6957
SHA512 e6a7bc99e38cd953c1df349b9e138d221173693a7a31af99024cad210e7868203cecca1ada0da216db1a1ca0a305a1fa40ac2f3562ab283ca80925be69500122

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegJXsba\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegJXsba\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilegJXsba\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileA7w0nW\user.js

MD5 00cc6397b628f1762d2f7dbe8dc5667c
SHA1 674a207e1cf2545e791df61b5b84762cb2b86709
SHA256 cb5706f0f6901ebfd48297ef83baa2ad2765496c13e4f9bfc72e9a00e5e2918f
SHA512 7c863d5c001ece5dc64272d73c17021c120934ae26297b7f6842de770a650cbfef94f14432977e07aede4a0f8e3851ae0fde9e54c6b41195c61e922d4071dd85

memory/1476-1114-0x0000025C64430000-0x0000025C64440000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileA7w0nW\prefs.js

MD5 bc55094a15bed289af4105583b0c5c47
SHA1 08c445adeb215d3370d32f4c5c4054b55aba85d3
SHA256 2cba62094ec463abcbf0e29969b8471a9c6cffd2431ec14c039b1b55cbb1dfc5
SHA512 bce194aa5b6dfcfff422c5241a8e1dbec723d0f81e979b07063fd32897a221e12c0b811600edceaf2626f4eb8aecbdd13c90c4ef2eda0a685743a5120448affc

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileA7w0nW\sessionCheckpoints.json.tmp

MD5 29ce37dc02c78bbe2e5284d350fae004
SHA1 bab97d5908ea6592aef6b46cee1ded6f34693fa2
SHA256 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693
SHA512 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

memory/2488-1391-0x0000020B50470000-0x0000020B50480000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilee8GbWI\prefs.js

MD5 59f7ee39719f7c627df27825c253b590
SHA1 10ed14c28443884b29e9c9284b69f909c2e5095c
SHA256 373980ff0bedb8cdedc8bcf6dd5eb390ded6e8e5250561c83135603d5fca2ef0
SHA512 a380b12688764d0721fec232277aff04474cb4998aa1fb3b412be2ea7c8b186ddf3ebc4e8ce19bf5274dd5aff5334184d5802d45035b43adaf19f245212e8885

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilee8GbWI\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilee8GbWI\prefs.js

MD5 3720d9a9698211a307d01029d7062c20
SHA1 a3005522517ddf9b3f7da734ed6157dd9cbf667b
SHA256 9dd57d6c28c8835c9455cafc9e2decd8f827583e9df6dd8348ae7e228c049cee
SHA512 b51945a0d5b4a66d8c37439059cf33b3b4e539adf302fcd4d4db884755269415c59018ff674afc362c8321a2b87d7941b4cf28fde8a8cb19ea8701809d5137d9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilee8GbWI\prefs-1.js

MD5 e3df56a2085d962c866452c4f705cf13
SHA1 35fe1bb5f786efebfef4f93903a9673a6c789d66
SHA256 91e500466b1cb3336a07d497d779924cc7e88b109064fae0bd7313127f3e9012
SHA512 8de0f27035e2698b98584e2aee617993c8b38ffab748b56385da22c5a7b8edcb48c02736fe7d90c65a4df2f16e1f9c7cbfa9b68643ccdd8918b40cb44e684a8d