Malware Analysis Report

2025-06-15 20:35

Sample ID 240509-ccfwyseg29
Target heavy.exe
SHA256 88093c75834d60df3b4b6f4df642bb28dc749f4bd562f587fa8f9e30e97d3c5c
Tags evasion trojan pyinstaller ransomware
Score 9/10

Analysis Overview

Score 9/10
SHA256 88093c75834d60df3b4b6f4df642bb28dc749f4bd562f587fa8f9e30e97d3c5c

Threat Level: Likely malicious

The file heavy.exe was found to be: Likely malicious.

Malicious Activity Summary

evasion trojan pyinstaller ransomware

Renames multiple (51) files with added filename extension

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Checks whether UAC is enabled

Unsigned PE

Detects Pyinstaller

Enumerates physical storage devices

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Checks processor information in registry

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-05-09 01:57

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral4

Detonation Overview

Submitted 2024-05-09 01:55
Reported 2024-05-09 02:08
Platform win10v2004-20240226-en
Max time kernel 323s
Max time network 347s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4900 wrote to memory of 4660 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 4660 wrote to memory of 3780 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 4660 wrote to memory of 2928 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 3780 wrote to memory of 1216 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 4660 wrote to memory of 5064 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\geckodriver.exe
PID 5064 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 4428 wrote to memory of 4416 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe
PID 4416 wrote to memory of 3156 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4304 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:8

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI49002\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI49002\geckodriver.exe --port 50121 --websocket-port 50122

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50122 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9oWgNZ

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50122 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9oWgNZ

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" -contentproc --channel="4416.0.1781070577\227200098" -parentBuildID 20240416150000 -prefsHandle 1692 -prefMapHandle 1684 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\browser" - {0a77fde1-3540-4490-b447-d21fdba7fecd} 4416 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" -contentproc --channel="4416.1.1699350428\1038538088" -childID 1 -isForBrowser -prefsHandle 2692 -prefMapHandle 2688 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1332 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\browser" - {fe55f5bd-2e25-417b-9a05-399159120cc5} 4416 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" -contentproc --channel="4416.2.1502202758\1021984870" -childID 2 -isForBrowser -prefsHandle 3256 -prefMapHandle 3252 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1332 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\browser" - {93887403-fa43-49f8-96f3-0269f1770158} 4416 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" -contentproc --channel="4416.3.135959301\772418023" -childID 3 -isForBrowser -prefsHandle 3604 -prefMapHandle 3596 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1332 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\browser" - {de6eac90-8330-4951-b694-95df2502b80c} 4416 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" -contentproc --channel="4416.4.1159576949\90734238" -childID 4 -isForBrowser -prefsHandle 4088 -prefMapHandle 4084 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1332 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\browser" - {e32d557a-edd5-42db-adf3-df9215b644f5} 4416 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" -contentproc --channel="4416.5.1789396004\1140534862" -childID 5 -isForBrowser -prefsHandle 3304 -prefMapHandle 3308 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1332 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\browser" - {8b5dc370-9764-451e-a8c3-b95a572b21c0} 4416 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" -contentproc --channel="4416.6.1753807674\1404789340" -childID 6 -isForBrowser -prefsHandle 3196 -prefMapHandle 3888 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1332 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\browser" - {32f7db54-c354-4258-8f79-4be961d244ad} 4416 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" -contentproc --channel="4416.7.1212516622\1316027707" -childID 7 -isForBrowser -prefsHandle 3224 -prefMapHandle 3160 -prefsLen 25491 -prefMapSize 245849 -jsInitHandle 1332 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\browser" - {1702db61-4071-44bb-9ab9-7b07537a474d} 4416 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49002\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI49002\geckodriver.exe --port 50121 --websocket-port 50122

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50122 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebka8Vc

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50122 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebka8Vc

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" -contentproc --channel="5516.0.1150786569\118208647" -parentBuildID 20240416150000 -prefsHandle 1684 -prefMapHandle 1676 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\browser" - {29baa8f1-8b82-4ad4-ad7b-7c0f6e1629c6} 5516 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" -contentproc --channel="5516.1.1611739557\423213778" -childID 1 -isForBrowser -prefsHandle 2640 -prefMapHandle 2636 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\browser" - {8e83d892-6a29-4615-97fd-fa988e2ef6e6} 5516 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" -contentproc --channel="5516.2.791032259\1410254503" -childID 2 -isForBrowser -prefsHandle 3228 -prefMapHandle 3224 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\browser" - {00c9d5dc-bd39-488c-8bdf-dae9d27876ac} 5516 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" -contentproc --channel="5516.3.635731655\1940184815" -childID 3 -isForBrowser -prefsHandle 3240 -prefMapHandle 3452 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\browser" - {185c4252-c3c2-4e49-9cbf-77bb313df4f0} 5516 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" -contentproc --channel="5516.4.351703307\1166499369" -childID 4 -isForBrowser -prefsHandle 3664 -prefMapHandle 3452 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\browser" - {afc52e51-87e2-46a7-8a96-3349a00abff4} 5516 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" -contentproc --channel="5516.5.418445824\65388671" -childID 5 -isForBrowser -prefsHandle 3824 -prefMapHandle 3828 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\browser" - {df128a6d-a4c8-4470-9aaf-091f2da7883f} 5516 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" -contentproc --channel="5516.6.478620561\298823384" -childID 6 -isForBrowser -prefsHandle 4084 -prefMapHandle 4080 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\browser" - {3194bdc3-9f10-4bda-ba53-19c99c021e65} 5516 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" -contentproc --channel="5516.7.1255683366\356394459" -childID 7 -isForBrowser -prefsHandle 4564 -prefMapHandle 4560 -prefsLen 25491 -prefMapSize 245849 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\browser" - {b5956ac1-a8fa-4235-9a49-7281cca153b1} 5516 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49002\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI49002\geckodriver.exe --port 50121 --websocket-port 50122

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50122 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHn267p

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50122 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHn267p

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" -contentproc --channel="5440.0.935760921\447257146" -parentBuildID 20240416150000 -prefsHandle 1676 -prefMapHandle 1668 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\browser" - {402cfea3-5413-442d-b0c3-366c912e26d1} 5440 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" -contentproc --channel="5440.1.798727873\1233719679" -childID 1 -isForBrowser -prefsHandle 2628 -prefMapHandle 2624 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\browser" - {a9a95bb2-5f24-4ff6-b366-31bc03ee5d92} 5440 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" -contentproc --channel="5440.2.1744716390\1783502998" -childID 2 -isForBrowser -prefsHandle 3136 -prefMapHandle 3132 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\browser" - {06c45195-3c19-444c-836f-514202971805} 5440 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" -contentproc --channel="5440.3.1362313184\794438405" -childID 3 -isForBrowser -prefsHandle 3640 -prefMapHandle 3656 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\browser" - {b5f4ef8b-ce39-4e48-9446-4e8f5b03fc6b} 5440 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" -contentproc --channel="5440.4.809961439\173216368" -childID 4 -isForBrowser -prefsHandle 3996 -prefMapHandle 3992 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\browser" - {1be6cc70-4026-4584-be41-2e40c9a2512c} 5440 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" -contentproc --channel="5440.5.892547166\1323772836" -childID 5 -isForBrowser -prefsHandle 4156 -prefMapHandle 4160 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\browser" - {ceda0285-777b-434e-91bc-975934efcd61} 5440 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" -contentproc --channel="5440.6.611813328\666413256" -childID 6 -isForBrowser -prefsHandle 4340 -prefMapHandle 4344 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\browser" - {e81bec6e-ee85-4f72-978d-549abe5c06ab} 5440 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" -contentproc --channel="5440.7.512657034\13201857" -childID 7 -isForBrowser -prefsHandle 4332 -prefMapHandle 4804 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\browser" - {60930805-f3c4-4966-b962-204260e81827} 5440 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49002\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI49002\geckodriver.exe --port 50121 --websocket-port 50122

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50122 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5E32oL

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50122 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5E32oL

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" -contentproc --channel="1428.0.1694549207\656262186" -parentBuildID 20240416150000 -prefsHandle 1660 -prefMapHandle 1652 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\browser" - {3c1e59c0-9f08-4d1f-98cc-940f8a5fe919} 1428 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" -contentproc --channel="1428.1.1893824257\259660266" -childID 1 -isForBrowser -prefsHandle 2688 -prefMapHandle 2704 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\browser" - {7b259f5b-2f75-4391-a2db-c9637af8cf21} 1428 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" -contentproc --channel="1428.2.648826563\1551587713" -childID 2 -isForBrowser -prefsHandle 3236 -prefMapHandle 3232 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\browser" - {8fd29ff3-23fc-40a0-8fdb-83e76d3f338f} 1428 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" -contentproc --channel="1428.3.1831029940\2085942200" -childID 3 -isForBrowser -prefsHandle 2688 -prefMapHandle 3488 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\browser" - {5e471fdb-ebf7-4fc7-9a45-12fc9b9a081e} 1428 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" -contentproc --channel="1428.4.208449308\1734054117" -childID 4 -isForBrowser -prefsHandle 3828 -prefMapHandle 3824 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\browser" - {20ffaf44-9723-4907-b5ad-458c82206cda} 1428 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" -contentproc --channel="1428.5.2069692677\1298002137" -childID 5 -isForBrowser -prefsHandle 3964 -prefMapHandle 3968 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\browser" - {280b5674-0cf7-4e8c-8c5e-f23188805364} 1428 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe" -contentproc --channel="1428.6.2065464740\1621323453" -childID 6 -isForBrowser -prefsHandle 4148 -prefMapHandle 4152 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\browser" - {863ab60f-95be-4fbf-97e0-d95329f89e94} 1428 tab

Network


Files

C:\Users\Admin\AppData\Local\Temp\_MEI49002\python38.dll

C:\Users\Admin\AppData\Local\Temp\_MEI49002\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI49002\base_library.zip

C:\Users\Admin\AppData\Local\Temp\_MEI49002\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI49002\libffi-7.dll

C:\Users\Admin\AppData\Local\Temp\_MEI49002\_bz2.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI49002\_lzma.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI49002\top-1m.csv

C:\Users\Admin\AppData\Local\Temp\_MEI49002\_ssl.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI49002\_socket.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI49002\_queue.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI49002\_hashlib.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI49002\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI49002\select.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI49002\pyexpat.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI49002\nss3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI49002\mozglue.dll

C:\Users\Admin\AppData\Local\Temp\_MEI49002\mozavutil.dll

C:\Users\Admin\AppData\Local\Temp\_MEI49002\libssl-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI49002\libcrypto-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI49002\lgpllibs.dll

C:\Users\Admin\AppData\Local\Temp\_MEI49002\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Tor\tor.exe

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI49002\Tor Browser\Browser\firefox.exe

MD5 65aa9b0f57d72e4d70e9226322221adc
SHA1 85fec174d0977afd8c0100c9d9b53c958e1949bf
SHA256 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410
SHA512 f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

memory/4432-483-0x00007FF98EAB0000-0x00007FF98EAB1000-memory.dmp

memory/4432-482-0x00007FF98F420000-0x00007FF98F421000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9oWgNZ\prefs-1.js

MD5 3448eca234519180337d221d127da387
SHA1 b17caefad3f7e8be2e554e2d10fa1a5a94634295
SHA256 0e7342da501be471f396f0e11244fba9ad62dcb998d30d157cc66e608c435099
SHA512 d63175bdf1f1bdfa31c51dd1d516dc94d74a16d74138ad4ed3d6467b66e20101f33ec54317c9b853fb4eda3489505182b9a7731db4c53a80e971500e3219b06c

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 80e882ce8268212cf4db9fbe44f95336
SHA1 85abc152168a20d8db2c6501aa43a97ea72efc8c
SHA256 32c7fa19bdf922f35368bbda1fd91b30fae89f7e8615c8224901e4e3454ee937
SHA512 eb6fc2086c0c5b1e2207c675e49713961246559ade42f65f5e1d51e6139e503eacceaa57542664f7161dc320df0403d90bc85e499aa2d0f09c4a3d4236920cd5

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9oWgNZ\extensions.json

MD5 2aec750c15430444421c447e291f9399
SHA1 e334d2a6410b2722dd6f52c43e9b3700c1628f7f
SHA256 3ccb64d8db294c8b8352ba295de25aeb34bbf85da5450f011906e1b93620d461
SHA512 2ea3e58a1c8fc2ee14adcd4d68e6856026f4c3bc6002c7439ab754685bbfe71ca862214a7519e1c8da1774b247a00b1a0ac8aec6bd3ec5edde73888bf87d6b3b

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9oWgNZ\prefs-1.js

MD5 15a94632f8c348d746744b1cc5d144fd
SHA1 3d96e3702c198ffefa41729abff5311f551762cf
SHA256 5d13335d45c5c00bd7836fbf496114ca25787964f21cfb23accca3c2cba36654
SHA512 8051d2adfcbc4a19fbe7e085b9118508150d9fe0fac6d1a02732e9a97aee40663a71c171bc2f7cd60f59c87be3fbacfa2fe3fcea74b3a623f19e0a80f151c46a

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 24436484bb21db120ada9f50b979e959
SHA1 0c78f3dc8f0a83576b6f6f79f46522bf27936993
SHA256 53e5c118b134aff30c29888e7c7cace0b605d909ee9a66522d578612e4de0a77
SHA512 fca89f864f17f4049952c299a71a3bda19a6439533760fa24f95e8ae47c31f8a65f243c9c62c4c4525e6453f34c3899ab4ce278493a203c2b1cad58cb50ab27f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9oWgNZ\prefs-1.js

MD5 d94b0a89cc47e19ab3545d2dfa3d42bc
SHA1 ef6ef8dda89b6488571e5c0f04e2a5e766c21159
SHA256 da019fdb7eaa6b7d0ebca1f25d64abbb4a2f03ff97bdf80f8d4b6d44be269c2a
SHA512 5c378d60aba7cd92053115e048044fca280b5348389befa47dcae30883f1827eb152712e70398306e4a00fc958c144e24df5449d2c48e4a025f88296601d4cd1

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9oWgNZ\prefs-1.js

MD5 abc660d509c0952c74585b2bd3222893
SHA1 9ecc506d0b52150d63e21dcc2dbd87afee57d30b
SHA256 d8facb38f141b1faee216bf715ed9c05c633244fc978c021eea2c8edaf7aa74f
SHA512 037db064571dd3c4c0c0abfd79007ca450a792ec26168ed2e2e5f61d260dfe2d2d4ce96ee0677e13911403847c5b00383291e14f3516c7bd971d2be5b3c4279b

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebka8Vc\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebka8Vc\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebka8Vc\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

memory/5516-839-0x00000199B72F0000-0x00000199B7300000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebka8Vc\startupCache\webext.sc.lz4

MD5 1b799cc5b6cf681cfa54d37c8ce8cb06
SHA1 2f0fae44eb2fe74542df923e37f0c7e23a74fd17
SHA256 ce654b3257aec215ee980682aa6a48628dac50252a09301efe8686ff3f406a03
SHA512 10263e878623c9375095f150a83e5fe42fb5feccea139e107d37b2337f0c68c4f8a47952247d7e8517876a12dcd696202b8ecdf115577c0e416a489a280451d3

memory/5516-884-0x00000199B2E40000-0x00000199B2FB0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebka8Vc\prefs-1.js

MD5 e619ea90498322b49d5c525201a65789
SHA1 d894580643f58bb1ab63595f74e943544f602f31
SHA256 2a0afcad413ca0abbaa6ee589f0dc93b8cba0cb5cc3097f0fd4f2cf8cb5bfd63
SHA512 18556d2bba09fe830218692a7172ca2d69ad9d700c312c51a88551c4fda4f342420e0c7095070a377a6d707a05cc2542d8e7cb1a9ce0befa3b79040e700a99ed

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebka8Vc\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebka8Vc\prefs-1.js

MD5 1ff74ff20ab59477198ef813d904d7ef
SHA1 2592a752003b4c4e9b6554240898c731349e984c
SHA256 d8a4c4de64b2502fc65f6ee5bf6ade641944ef6da0c817a1571826242a980c34
SHA512 7bf99eaa039d902b8c2e0406f7d1bb8174606998e838d53967b84f5b502d92b7a7196a3ae5867ac2b928073fd39359c768531efb4a12ee68170fdb1c19da1ee1

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebka8Vc\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebka8Vc\prefs-1.js

MD5 844db71671c622a00ebb844ef4e76b7b
SHA1 7edbc7d00fdc92cb9f6cad8de92a57d04df3e4d8
SHA256 bcd31ab4123176b3ebd95820471ce7ca26c8e67f198d2c7f3a5acbabdd62a1c3
SHA512 8c20e8711708a0e73c9eaaaab2d7606c02cb3f37619ef0ae7f6040970fd61789186a5695979088158fc48d674f0ff92fb6d97c5385016084534fa6be341c198a

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebka8Vc\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebka8Vc\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebka8Vc\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHn267p\user.js

MD5 736db8c9b955f72129a6644a9c797093
SHA1 59f1c80c407e27ffe85407a82f7b7250c5ee3753
SHA256 668694ca0485bfb77e7049bad327ba3f83534f31c1d50744f227c996eab4097f
SHA512 9916d339304272357ff56976bfcb9fd2d607ccbaa33dc40b88618c9ae31833923d3f2e8288cfc1f0090da90803b5e07404c41182155db2d2345df6f63020f217

memory/5440-1166-0x00000208B7F90000-0x00000208B7FA0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHn267p\prefs.js

MD5 0856e4bc718ee7791ba6dd9d0249e437
SHA1 0a3699f07b6c636bd6ab97cfe05c0e18948cad94
SHA256 03d7fae4985b4439cd2ec16882d898c6c8a7208849d6cce22f8714c8efb0afbc
SHA512 8b6e6ce2ec223f537a8e4e0f2906a97345f288fb62455b1e5a481aa89bf97e9a2c3ad8db2dc5226800ef8396c72227b97fb2510559f8c828665e6dc4164e6132

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHn267p\prefs-1.js

MD5 76f22ac7ff3b52b924432395356c1b6a
SHA1 09eaf6e9bd3f8abce8e098959a11b537e06be775
SHA256 52ddd2f956c20e52b07d16d0cb11c87ee19846fcf2c4b136f352f291dc62b77b
SHA512 35fc911f1d12e1576019b25b185685e13468e95bac614851ea079b3250373c3d9c84c00aecb0882b9f83c500d172965e986662050670a47f7aac00661e82a954

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHn267p\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHn267p\prefs-1.js

MD5 6f5df22b03a4423914ebaec55f6f23d7
SHA1 c3c4f406b214ff156217d55fabbffb65f19d83cc
SHA256 d7711bc13cbf87ec854fec7aaa340cd57518d474e70d986e6623e22102a67373
SHA512 0aa2745bb34d1c24ac7b34049445080edd9cb94e47c38c44e641b70ecf0121d37177141440f16615f41d8e518eb7d0dcb1dc1a59c303cc64e49ea7508874dafd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHn267p\sessionCheckpoints.json.tmp

MD5 29ce37dc02c78bbe2e5284d350fae004
SHA1 bab97d5908ea6592aef6b46cee1ded6f34693fa2
SHA256 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693
SHA512 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5E32oL\datareporting\glean\db\data.safe.tmp

MD5 c58234a092f9d899f0a623e28a4ab9db
SHA1 7398261b70453661c8b84df12e2bde7cbc07474b
SHA256 eaec709a98b57cd9c054a205f9bfa76c7424db2845c077822804f31e16ac134c
SHA512 ae2724fc45a8d9d26e43d86bcc7e20f398d8ab4e251e89550087ace1311c4d2571392f2f0bed78da211fcb28766779c1853b80742faa69f722b2c44c283569fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5E32oL\addonStartup.json.lz4

MD5 1beb1185b39b6a135001241e894b7d41
SHA1 d1f4f33337c74a8b6127333dac8890daef77d668
SHA256 6ccff5b3bb3476fe6b91efc70db1864440a7cbb4999efba29413565e434209d6
SHA512 da1521edcb04ca7ae51680c2064297ee692ae80b0055fe37b4140c1986d8cc46d4703866966ffe423e8942ff2229fbc07df562080b24c5ba4c029b85efe00bf0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5E32oL\prefs.js

MD5 249c3d29fd302d221690d1e12315c625
SHA1 2a2396e6d05ddd40b5fe2cafeee05f9f534b7c0f
SHA256 135efa70711e9bd9e44d4aefe04e9741adbd7ab396b32e04bfecd17be510b6c9
SHA512 c422cec31d0799e2ddf468929ff3f077af916968af83541a4291f17dea2dc064640834c98a98ff7fb0f234ee921cf8d3c65617b7f070b3b8b7ad3d9290ca4e1e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5E32oL\prefs.js

MD5 304d865727841a8c2b659ae589e18caf
SHA1 3fcabbb1473808317aba3fd3a3ab3dc100b8118e
SHA256 a03a9861191ff125db667fdc7bf0c91acb2a4aab7a29a9d4d6f09d9eecb14aa7
SHA512 7a2ff4ba46a5bc8b5799eec5a642575ccda5d18502bab7fd2d9f38f90f5add344a1afe97056e8d140bd46cdf8a0d71f7f9b7abe111244093ffb6b3b6f0a83ef6

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-09 01:55

Reported

2024-05-09 02:07

Platform

win11-20240419-en

Max time kernel

301s

Max time network

310s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49762\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4976 wrote to memory of 2844 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 2844 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 2844 wrote to memory of 1700 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 1912 wrote to memory of 3960 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 2844 wrote to memory of 4408 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI49762\geckodriver.exe
PID 4408 wrote to memory of 1260 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49762\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe
PID 1260 wrote to memory of 4392 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe
PID 4392 wrote to memory of 1940 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI49762\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI49762\geckodriver.exe --port 50003 --websocket-port 50004

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50004 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekQv0bJ

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50004 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekQv0bJ

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4392.0.1072575057\52367952" -parentBuildID 20240416150000 -prefsHandle 1696 -prefMapHandle 1688 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\browser" - {44ef63dd-8045-46cb-ac7d-bff4438222e4} 4392 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4392.1.730184561\1803859112" -childID 1 -isForBrowser -prefsHandle 1416 -prefMapHandle 2668 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\browser" - {297cf207-f727-46f1-88d0-bd5cc11e80f9} 4392 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4392.2.1356620528\653010266" -childID 2 -isForBrowser -prefsHandle 2328 -prefMapHandle 2560 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\browser" - {eece2630-909d-427e-aca3-0343f6c2a1e0} 4392 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4392.3.1129847608\1051972227" -childID 3 -isForBrowser -prefsHandle 3304 -prefMapHandle 3300 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\browser" - {26b2ca24-2d2a-4b41-b2f4-975fab993498} 4392 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4392.4.684717895\189718381" -childID 4 -isForBrowser -prefsHandle 3800 -prefMapHandle 3788 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\browser" - {cbd3bd2f-2a19-4ea1-a6ec-8ac6bafb4b2e} 4392 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4392.5.767604412\1234002545" -childID 5 -isForBrowser -prefsHandle 3956 -prefMapHandle 3960 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\browser" - {79ec2485-40ac-4101-aaa7-b5dee6d334c3} 4392 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4392.6.571418513\1548534735" -childID 6 -isForBrowser -prefsHandle 4220 -prefMapHandle 4216 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\browser" - {94e27752-5db3-4ea6-9856-43179f846819} 4392 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4392.7.468581521\1558490687" -childID 7 -isForBrowser -prefsHandle 4172 -prefMapHandle 4168 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\browser" - {6025164f-9bcc-4470-9e5f-785c0d0b10e9} 4392 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4392.8.1736320795\443929513" -childID 8 -isForBrowser -prefsHandle 4872 -prefMapHandle 4524 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1320 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\browser" - {96e24ff7-b951-4fa0-ad65-3e01528e81ac} 4392 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49762\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI49762\geckodriver.exe --port 50003 --websocket-port 50004

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50004 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebI1NEf

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50004 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebI1NEf

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4704.0.817014987\439162749" -parentBuildID 20240416150000 -prefsHandle 1676 -prefMapHandle 1668 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\browser" - {67c559dc-f1c4-459f-9d01-fe328f0d43d2} 4704 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4704.1.1230926406\865839802" -childID 1 -isForBrowser -prefsHandle 2804 -prefMapHandle 2496 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1356 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\browser" - {462e0d61-4ab0-4e9c-9e09-420197de3a05} 4704 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4704.2.164370412\2106131464" -childID 2 -isForBrowser -prefsHandle 3084 -prefMapHandle 2304 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1356 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\browser" - {a4a338fd-d064-4ee7-b9d3-14858079e76c} 4704 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4704.3.458981209\760997016" -childID 3 -isForBrowser -prefsHandle 3736 -prefMapHandle 3744 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1356 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\browser" - {b41af9d0-3450-46b1-9225-5ae594c56ff4} 4704 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4704.4.1950594643\1113346406" -childID 4 -isForBrowser -prefsHandle 3276 -prefMapHandle 2224 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1356 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\browser" - {7561a50b-cc73-4bb0-9dd2-df03c8626e72} 4704 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4704.5.1087778333\984107156" -childID 5 -isForBrowser -prefsHandle 4120 -prefMapHandle 4116 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1356 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\browser" - {83188f42-d04f-4ee0-ab21-f3eb1a9326a5} 4704 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4704.6.1851969128\1555414659" -childID 6 -isForBrowser -prefsHandle 4364 -prefMapHandle 4360 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1356 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\browser" - {6b685bf2-7c20-4ebf-9984-08f17425072e} 4704 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4704.7.868780999\905385103" -childID 7 -isForBrowser -prefsHandle 4496 -prefMapHandle 4500 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1356 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\browser" - {4f0e943d-9e86-466e-b5ef-4d980af3f9f4} 4704 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49762\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI49762\geckodriver.exe --port 50003 --websocket-port 50004

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50004 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9dUh9n

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50004 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9dUh9n

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4184.0.1581854541\505606882" -parentBuildID 20240416150000 -prefsHandle 1720 -prefMapHandle 1712 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\browser" - {af90820e-cd23-4617-9753-679a8dbb47fd} 4184 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4184.1.1869037675\2047872359" -childID 1 -isForBrowser -prefsHandle 2736 -prefMapHandle 2292 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\browser" - {b5970284-9ff3-45dd-9696-b177a95c5434} 4184 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4184.2.55556468\1050994102" -childID 2 -isForBrowser -prefsHandle 3076 -prefMapHandle 3004 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\browser" - {7843a786-f31f-4a82-82b0-8fc9ba069715} 4184 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4184.3.1026236081\1557658440" -childID 3 -isForBrowser -prefsHandle 3312 -prefMapHandle 3844 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\browser" - {fb360564-0c7a-433e-8590-d1feabe3f4a4} 4184 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4184.4.532534444\137081832" -childID 4 -isForBrowser -prefsHandle 2388 -prefMapHandle 3424 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\browser" - {81d594d2-abf5-43fa-b882-dfbed9a07fad} 4184 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4184.5.1320232558\476079016" -childID 5 -isForBrowser -prefsHandle 3984 -prefMapHandle 3988 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\browser" - {7ed87220-6af0-4500-ad07-98eabef0570e} 4184 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4184.6.1624335500\638644387" -childID 6 -isForBrowser -prefsHandle 4172 -prefMapHandle 4176 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\browser" - {cf81e881-040c-49ec-aecc-d2fe0069da40} 4184 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4184.7.1975473081\512477892" -childID 7 -isForBrowser -prefsHandle 3512 -prefMapHandle 3516 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\browser" - {9e34268e-82f8-4881-beb7-996afed6dbf1} 4184 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4184.8.1452757673\733978733" -childID 8 -isForBrowser -prefsHandle 3732 -prefMapHandle 4720 -prefsLen 25367 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\browser" - {d12378eb-2fd9-407e-af70-60d550b0e55b} 4184 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49762\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI49762\geckodriver.exe --port 50003 --websocket-port 50004

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50004 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile4vepLg

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50004 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile4vepLg

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4468.0.1276787119\87292183" -parentBuildID 20240416150000 -prefsHandle 1700 -prefMapHandle 1692 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\browser" - {71fd0df2-ad46-445c-94e0-379bd8827ff9} 4468 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4468.1.677843129\907325088" -childID 1 -isForBrowser -prefsHandle 2808 -prefMapHandle 2816 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\browser" - {7cbf1e11-951b-46c4-b9f7-0425148718c4} 4468 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4468.2.488430963\800202885" -childID 2 -isForBrowser -prefsHandle 2444 -prefMapHandle 2516 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\browser" - {96248bb9-85f2-44f1-80f3-0a1402c1885b} 4468 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4468.3.579964293\1211730325" -childID 3 -isForBrowser -prefsHandle 2736 -prefMapHandle 3552 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\browser" - {e8b42c16-7843-4a17-9b30-a22b824589fc} 4468 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4468.4.831967810\2000247042" -childID 4 -isForBrowser -prefsHandle 1560 -prefMapHandle 1556 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\browser" - {edd18d36-ecb0-49bb-b446-c6fcc79d7805} 4468 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4468.5.1756836778\962425890" -childID 5 -isForBrowser -prefsHandle 3960 -prefMapHandle 3696 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\browser" - {f01f8ee6-2ff2-469d-a3e7-18ce45594ba6} 4468 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4468.6.1720788404\652646590" -childID 6 -isForBrowser -prefsHandle 4136 -prefMapHandle 4140 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\browser" - {298d6cec-0eb1-4959-985b-6d86dba9f05c} 4468 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49762\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI49762\geckodriver.exe --port 50003 --websocket-port 50004

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50004 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileb7He2d

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50004 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileb7He2d

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" -contentproc --channel="1888.0.2096434026\1906363740" -parentBuildID 20240416150000 -prefsHandle 1716 -prefMapHandle 1708 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\browser" - {3925dc76-2e65-407d-ad56-a7f9fd600cdc} 1888 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" -contentproc --channel="1888.1.120422817\757466465" -childID 1 -isForBrowser -prefsHandle 2776 -prefMapHandle 2224 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\browser" - {a7806d53-1972-4909-8cc8-087904377edd} 1888 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" -contentproc --channel="1888.2.1933161084\658751460" -childID 2 -isForBrowser -prefsHandle 3084 -prefMapHandle 3080 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\browser" - {0e438e28-bafa-44e7-a7d3-9aa16e4a208b} 1888 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" -contentproc --channel="1888.3.72766165\1925057179" -childID 3 -isForBrowser -prefsHandle 3716 -prefMapHandle 3372 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\browser" - {a7c1653d-87bb-47bc-b9f4-df5b1db3c845} 1888 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" -contentproc --channel="1888.4.1763942354\1984360890" -childID 4 -isForBrowser -prefsHandle 3968 -prefMapHandle 3960 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\browser" - {1013c326-8dd0-4478-aa07-f9ae29be9ed2} 1888 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" -contentproc --channel="1888.5.1269275234\1156928194" -childID 5 -isForBrowser -prefsHandle 4012 -prefMapHandle 4008 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\browser" - {21d4e1cc-e2a8-40a6-b88c-30560e1eb7d0} 1888 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" -contentproc --channel="1888.6.687386489\574122552" -childID 6 -isForBrowser -prefsHandle 4128 -prefMapHandle 4132 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\browser" - {8e010dfc-c911-418b-aff3-1fef39e4a704} 1888 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" -contentproc --channel="1888.7.1042345458\302541165" -childID 7 -isForBrowser -prefsHandle 4528 -prefMapHandle 4532 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\browser" - {801060ad-2f32-49b1-a86c-2cd348b4d0b7} 1888 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49762\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI49762\geckodriver.exe --port 50003 --websocket-port 50004

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50004 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilee0Swau

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50004 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilee0Swau

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" -contentproc --channel="1544.0.1029979754\372878105" -parentBuildID 20240416150000 -prefsHandle 1708 -prefMapHandle 1692 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\browser" - {7cb8f2cf-dec2-4303-9c33-2a9ab24afd11} 1544 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" -contentproc --channel="1544.1.61716180\391680586" -childID 1 -isForBrowser -prefsHandle 2548 -prefMapHandle 2776 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\browser" - {f8d1b50f-6754-48ea-ac43-24f02363e6ee} 1544 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" -contentproc --channel="1544.2.1454711387\1072554530" -childID 2 -isForBrowser -prefsHandle 3076 -prefMapHandle 3068 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\browser" - {8b4d3572-f3e0-42f7-bec7-10a33b75353e} 1544 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" -contentproc --channel="1544.3.2059577485\1292649993" -childID 3 -isForBrowser -prefsHandle 3464 -prefMapHandle 3636 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\browser" - {1c5434f6-7782-4f99-9fc1-06ab7fc9a419} 1544 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" -contentproc --channel="1544.4.1740534539\469725545" -childID 4 -isForBrowser -prefsHandle 3516 -prefMapHandle 3272 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\browser" - {7304fd3d-9866-4392-99ce-2e962d8fcafc} 1544 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" -contentproc --channel="1544.5.2059532917\229397634" -childID 5 -isForBrowser -prefsHandle 3852 -prefMapHandle 3856 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\browser" - {af0529f3-9e96-4794-a82d-388f9a82ec3b} 1544 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" -contentproc --channel="1544.6.1016114053\1797567514" -childID 6 -isForBrowser -prefsHandle 3960 -prefMapHandle 3964 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\browser" - {5954fa73-abef-4b5e-8611-ae1a0817d208} 1544 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" -contentproc --channel="1544.7.272076956\1187997864" -childID 7 -isForBrowser -prefsHandle 4528 -prefMapHandle 4524 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\browser" - {0f2ab30f-321a-4809-abcf-2ebd536d1a75} 1544 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" -contentproc --channel="1544.8.1907447345\1762406924" -childID 8 -isForBrowser -prefsHandle 8212 -prefMapHandle 8216 -prefsLen 25367 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\browser" - {05967c16-377a-4422-805e-0422c5d93bb2} 1544 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" -contentproc --channel="1544.9.2060101860\356423387" -childID 9 -isForBrowser -prefsHandle 7944 -prefMapHandle 7948 -prefsLen 25367 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\browser" - {61669af0-f603-42d4-9514-7e44667ada72} 1544 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe" -contentproc --channel="1544.10.456021926\967427030" -childID 10 -isForBrowser -prefsHandle 4468 -prefMapHandle 4420 -prefsLen 25367 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\browser" - {da24ad23-d77f-4425-acff-6428eb9e6d64} 1544 tab

Network


Files

C:\Users\Admin\AppData\Local\Temp\_MEI49762\python38.dll


C:\Users\Admin\AppData\Local\Temp\_MEI49762\VCRUNTIME140.dll


C:\Users\Admin\AppData\Local\Temp\_MEI49762\base_library.zip


C:\Users\Admin\AppData\Local\Temp\_MEI49762\_ctypes.pyd


C:\Users\Admin\AppData\Local\Temp\_MEI49762\libffi-7.dll


C:\Users\Admin\AppData\Local\Temp\_MEI49762\_bz2.pyd


C:\Users\Admin\AppData\Local\Temp\_MEI49762\geckodriver.exe


C:\Users\Admin\AppData\Local\Temp\_MEI49762\_socket.pyd


C:\Users\Admin\AppData\Local\Temp\_MEI49762\libcrypto-1_1.dll


C:\Users\Admin\AppData\Local\Temp\_MEI49762\select.pyd


C:\Users\Admin\AppData\Local\Temp\_MEI49762\_ssl.pyd


C:\Users\Admin\AppData\Local\Temp\_MEI49762\libssl-1_1.dll


C:\Users\Admin\AppData\Local\Temp\_MEI49762\_hashlib.pyd


C:\Users\Admin\AppData\Local\Temp\_MEI49762\_queue.pyd


C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\TorBrowser\Tor\tor.exe


C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js


C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json


C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json


C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2


C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2


C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json


C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4


C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\tmp_lc3sqda\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI49762\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI49762\top-1m.csv

MD5 ba0857be5e9736dde1f5cc44edd5d21b
SHA1 b130759907909cc97bfe0d9a1fd65b8942c931aa
SHA256 7800cdef850c31931b2b520a42f858c4feb5ca86d6b3789e6173a02e909595ca
SHA512 08446902bc588e323b8fc551502ff869be6c2bb64f788d1bebfcc30a04c3e589b0616e84fc55de3d81d7b19b26e690024a442e6a27096808bc613bcecf3f6db4

C:\Users\Admin\AppData\Local\Temp\_MEI49762\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI49762\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI49762\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI49762\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI49762\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI49762\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus

MD5 80e882ce8268212cf4db9fbe44f95336
SHA1 85abc152168a20d8db2c6501aa43a97ea72efc8c
SHA256 32c7fa19bdf922f35368bbda1fd91b30fae89f7e8615c8224901e4e3454ee937
SHA512 eb6fc2086c0c5b1e2207c675e49713961246559ade42f65f5e1d51e6139e503eacceaa57542664f7161dc320df0403d90bc85e499aa2d0f09c4a3d4236920cd5

C:\Users\Admin\AppData\Local\Temp\_MEI49762\Tor Browser\Browser\firefox.exe

MD5 65aa9b0f57d72e4d70e9226322221adc
SHA1 85fec174d0977afd8c0100c9d9b53c958e1949bf
SHA256 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410
SHA512 f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

memory/244-493-0x00007FF8C3910000-0x00007FF8C3911000-memory.dmp

memory/244-492-0x00007FF8C33C0000-0x00007FF8C33C1000-memory.dmp

memory/440-521-0x000001DF9C610000-0x000001DF9C6E6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekQv0bJ\prefs.js

MD5 a56c241010601228ec0309460cca7497
SHA1 9436468a5a39b268748b1ae50ba49839ed27f923
SHA256 9ff6009742539c51e1a7b4f1f2e83c7be84f28cc6fda38ec90bcb85844d7403c
SHA512 4db690681dd4c5d31c3244f3a740a184d36d01fda38be4a77c9959eb537345b6fdca6ed44b0ea49af308c4daaf447fba6427b3684e405fab0c7145b82a0499f9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekQv0bJ\extensions.json

MD5 8aa41a12d47ed4f1ab52f4d2ec7b0423
SHA1 705dbe9ef7e543a5371c57d83bc9f5415eed7e06
SHA256 aad8178392eacb8a5e71c0dbd46eede4b532d7bc7baec105346625b9f0b8e091
SHA512 ad0c27589f31b7a21297e305b8e28f0180d53256b456a7df2ba575377e31417ba12b33638f1ef64e4448316157f9064855db5adc155c1b7e3222a3a319410c58

memory/4392-555-0x0000025CE10A0000-0x0000025CE10B0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekQv0bJ\prefs.js

MD5 ca7b65867c7fddf2a7c04263cf4a73a4
SHA1 9f7099dc5972f0fadd8541180226026c04038c0d
SHA256 997f5279ed4f6e1b6dc92507e00bdb9a2cda040880b55dc4b5097e18ec52f9a4
SHA512 483f2ec9243666023536f1fa9d3d3014d782d93c0656abf3b8d96fa3dda172d5c9010b71887b44adb28827ed454c7733dc7914a23a527a2dd64b2db92dfc6569

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 c8c33d756754a295bad4d21fd6d9468b
SHA1 a4863a95b5440ec6e770e133a550fca9e5779826
SHA256 67e74cb77e79cb988b4a1636c12c880b968165f81b7c7d59402d95c200e7cadf
SHA512 0a57548bab7dafd67c942741ea5c1b7c4603170d66932ddb990a35dbee43b3b6095d31c46310ace8aee590d3a2fede2eb2db414b9c78bc017414b909b4100949

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekQv0bJ\prefs-1.js

MD5 97af2321f20b2cc8a04aab117b19aba6
SHA1 9e804b3bb2ec5741fcc2403ba86d10be8f8c692b
SHA256 c9f12a860ca0d273358257c6752db0aef7d939c24862f25c3ff74dc222fffd05
SHA512 9bc28f1d8b8aadbcbd99e2d53cf034e393de17458d0d3ff705dfe7fe154bad5739f8128fdb43f50cd68cba705cc1ef67a3017ea358af702179d8ca741b15a62b

memory/244-647-0x000001F6AB000000-0x000001F6AB0D6000-memory.dmp

memory/1952-665-0x000001E451480000-0x000001E451556000-memory.dmp

memory/1720-664-0x000001CE81500000-0x000001CE815D6000-memory.dmp

memory/4052-667-0x00000268D7270000-0x00000268D7346000-memory.dmp

memory/3876-666-0x0000025B1CAD0000-0x0000025B1CBA6000-memory.dmp

memory/1448-673-0x0000024B41100000-0x0000024B411D6000-memory.dmp

memory/4752-686-0x00000205214C0000-0x0000020521596000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekQv0bJ\prefs-1.js

MD5 d2ad830b1f1db79d8cd7e622e3411671
SHA1 047d8b7494a2fbc562f8fc82ac439bde4a79c0eb
SHA256 e83921a89e0fcb8134bb658a8416607fd58cf16c7838f18381a06bfd864a35da
SHA512 fec3b88966de5c9e4c3fe0dcdf1bd90e8115800b9de3079baeee63ca0e9d0bc02155a83ddebbe3f8b1da58fcfe5d0e86951c87fd09d6658ab0cf2d0f0687ab79

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekQv0bJ\prefs-1.js

MD5 1e2717578ba9f01d06071bb208dbd51e
SHA1 2024da0f078e2af8323e504971ef7d083f8d97a6
SHA256 f6113f3aad877e479bc6b5434877769ba63c1a339e4948bce1388321653d49a7
SHA512 ce36df2a98acaa7a48d9af78a4abef080e46cfa8a3fb825eb72f600171e25c4dcd570339f499350a880a92ebf3efbeb0574915c41fca12e5f65625403b4cd837

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebI1NEf\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebI1NEf\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

memory/4808-903-0x000001B792820000-0x000001B7928F6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebI1NEf\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

memory/4704-944-0x0000026B558D0000-0x0000026B558E0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebI1NEf\prefs-1.js

MD5 fbde5a0609c908bf65d088b6d3681bd1
SHA1 ed9610dfc5f592445f4d3d097f611e8b18e4728a
SHA256 da8f30c705c2a466f85c4c17c1fd07428c2fcbf713dd89402fa5a583f65bc533
SHA512 b4725dc935bfd59e286b05a4dff0e65607e39c5c2d25c31c59474324fc35302d22d33d53b636f3d76727fdf6807e214307cdeb1970a81322ed3a64c9fc33f515

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebI1NEf\startupCache\webext.sc.lz4

MD5 d0284d10ec2c0f50ccba9167a4ed9ba5
SHA1 a78901c7c9d2e8e9eb1d6a49a264715a5367a820
SHA256 25248ba2072c6ecc0bd7c13d095f9ccfd0cfa6fd29cc157f8e1bcb121c750718
SHA512 58e5e61211e3393b1376c6a5a0ad380bff5c4eb98f7cd434f163ebd7044bd803eb41485ebe2ba9ddbedfc651557d0515ed661eaaa3c87eced0a4a61dc73474b4

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebI1NEf\prefs-1.js

MD5 a7225432038b736eb9fc55a330eedb42
SHA1 295729985b53d9bd79852d6b3f07ce5930afeb13
SHA256 18b24b1a91d7bd9dad327496cd1c7296aaa41c33aa5181a7aa6b0d6ba968e640
SHA512 b2142635fec02c34bd8560331d5a139a4f108763aab8ead9d461aa080e20d6314c73b63f61ae552a908f1df4b860b6e814ed9f2700b280f05093d1c80a354cc3

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebI1NEf\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebI1NEf\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebI1NEf\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebI1NEf\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebI1NEf\datareporting\glean\db\data.safe.tmp

MD5 1c3c58f7838dde7f753614d170f110fc
SHA1 c17e5a486cecaddd6ced7217d298306850a87f48
SHA256 81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d
SHA512 9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9dUh9n\user.js

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9dUh9n\startupCache\scriptCache-child-new.bin

MD5 f5d1636ce3602881a361d6b4ef15f97c
SHA1 6976e01e8f57aefc8a626d3b8967aa3a056930f9
SHA256 01565f73663b891f84d82db21727226d9d0c622d3a43af33a0aa332ebf56d27c
SHA512 fb0525447422216487f6b2cd6911a831af358f5d8fe97742db91541085e230841bb8a70460ebe29de85fd34020ccf4fd510719fad646338431203f23a14ea0bd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9dUh9n\prefs-1.js

MD5 09d7ee07e36d60b67fc34c3e3545354c
SHA1 5298c0ce6dd1c72933cde7a2ce36e45d07756070
SHA256 45651dacc8974ff59674e131610c87f5ec27bc56cb2636c2eb64c8fc9d35cb03
SHA512 ae182d2aafdff2f4a6045b77f49a2601a200ed52583a8a24e1e9159d8c60044723ae5a0a610e71f701ea56d9b31673de5a618e6c5c96e3c47f9dd7f59a393e27

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9dUh9n\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9dUh9n\prefs-1.js

MD5 ab640e5e95fa7beba5d6f2ba59c834f0
SHA1 c4715794528653b0056a99d37911d5884c7e207b
SHA256 418fb793c9faa0298ca6d7ab2f5e528622508ed3493539f5c8f99dba573a2480
SHA512 a9840d8c2880cd1d8eb5c0c2d37e53478f231a3ef51299c49ce77bd6b6737110a3217955040af5079f3e34c44ed52d1a1de58c03e7c1676eebdddb4755ceaaed

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile4vepLg\prefs.js

MD5 825d1dff7fcaeca16fd9fba75bb3b4b7
SHA1 951fe64ec5d690f1844c73024ac4a3690451bebb
SHA256 3e1a0d1407bcd5ba96ec2293f5813fe0d02ef409d485a1c7d0e21a0c92b80fee
SHA512 317013b43a5facaccb96a2c5c10454a4098f9eb2c93ab4faa8189010c1b30aa36f1674a7556339d1b5095510afb2064782740361a7d33bcbc7c77fc86ea5d28c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile4vepLg\prefs-1.js

MD5 fb5e3a164771d719623dfe3c984e0cd5
SHA1 b056940a85fef0cca21f4828aaee5d4b6e255f9b
SHA256 5d5e4e613f5907c40c8ae3eac35e23c6a16e85ae926130663f3637e831aeeda8
SHA512 643cf8d0673795d3aae693cf4dfb7f8d41ddc21ecb5959d9e7350ced042c945d7a9b5083dfe92544b6a689ce77f6f9003aa9e2a26697ce1c0dd2f562f5b3a092

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile4vepLg\datareporting\glean\db\data.safe.tmp

MD5 63b1bb87284efe954e1c3ae390e7ee44
SHA1 75b297779e1e2a8009276dd8df4507eb57e4e179
SHA256 b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a
SHA512 f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileb7He2d\compatibility.ini

MD5 ff5860cbf819403b5c5f80638d82dbab
SHA1 b708bd81db632cb49fbd407897a0e1453649cbfd
SHA256 73bb2af630f8775d7ff0471bc1f33881271b5e31e331ada5760e6faebbe4d795
SHA512 01f8f337f1ff47ae7baced21dc9bf67fcc90b9c27a47a0614e7ba31725e554dccf315c8f70a164348313998b8d95d83cd8672414e6a3dbdfab348ba54ecea345

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileb7He2d\WebDriverBiDiServer.json

MD5 479915382d1d97f8157cf7bf839aee74
SHA1 714d15bfa6832f9b9e1ca1d8f9a9201743fe8030
SHA256 fa2d76c28ee55290799cf8dd2c6507748c8caee64a004681095b8159f3d354b2
SHA512 f990b5591154a557f6dd095506a45d0ae151d3b39390249c2eac91de70647b0160c5a7fe45db36100f6207cf8d98219d6d02e3b0cb89dd7b9828c8f22f9ac815

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileb7He2d\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 95c31cf4b28588fcc262f8180ca1c4e2
SHA1 9cc5bd01f2ee39f47c271b5b52feb54cd055b95e
SHA256 87586251ae666f83d1627c9914ae416ac430bb0d4b76e8c8768dc32aa984efaf
SHA512 803a0169528f1a161c185c297435a1c0c2ca72c71699b6aa4b4b0d59d65b44407437d85a9bc2de46116ae6459ec02a050e789319052004652870413fbaa373ef

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileb7He2d\prefs-1.js

MD5 2f0f50de24b5e2dd5a5d55919b1655c7
SHA1 df8d1b3577b4a3c22d3f34997d90b4ca691f5468
SHA256 0029c28d3ed5aef10ed76b539a7c3c4c5ec9fe89a0e6fcec6bd4644612d264dc
SHA512 82a79eafb4b0a0ec322d0535d3b215e772df75f58d44465af398d4fb9b4fe2618d0aaf34cebef1d49d5a72db5e0a9c9fb3f1d5b5c6d78c802b6c78187dfd7615

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileb7He2d\storage-sync-v2.sqlite

MD5 bff4d6361e4126d963ab7dffdc7550ce
SHA1 e2660c2f00b0aef4a81972c6a6093935d5aa40d5
SHA256 ad0828e5ff9d4188151772cd9af85827a431d122901486590c5734b62b4af2d2
SHA512 8d967c085d343d50a76cf14e88ed2fb742a7195034ddbaacd57d2c47abf0218a5f6878528a8f37c8f3b61496f61b5e254d205003af87a3cf156ba12ea59f65bc

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileb7He2d\content-prefs.sqlite

MD5 b15425d1f21f5708184e35493e63c8a1
SHA1 e944c1fdf56a3f6a5150b77980e89d48c7b57be2
SHA256 7a9012d1846763fe9dcb059035972a023ec29f2b9c03f865f0a6f6df6ef2a6c0
SHA512 6b54e30e0a060261bdac98ef818d1053fbabf0d6b8a17efc729942729ed6e6dddb29063b079ddb1dcd1b4edfc85a0311cf821b4b3291372c834a00733456423f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileb7He2d\prefs-1.js

MD5 3e998d0398bce7eb4423413b90afcb1e
SHA1 b78535151c11049bfe3684871913d703e5d5bd42
SHA256 0728fa371d9f16c10fe1e1ed07c30c1ff55a720ac5873e5005d3cd0c31682267
SHA512 61c5378cd235c18ac9465cbd2b06818ad0fb8415ba84598762539dccf5db750897b5b62ed65a93da6214b91e3d9eb1b80dd48691c97ea38396fa0d4e522bc35e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilee0Swau\prefs.js

MD5 901e600f218982c37dbc74b6c6062c94
SHA1 cc4367386afb5800da57636bf90b31777ce17318
SHA256 2a562f5b87a8a6bccf8305ddb838fbb0a0279b382e5369769474b8dbaead81b4
SHA512 306ec5a75e1841ab116d9d28e7009b038308b28ee14d7be777c48a78b9c7a83fb1b71d552b0a03226ba17d83735ba1bf6fc77a03eb3af7246e77c28702c14681

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-09 01:55

Reported

2024-05-09 02:07

Platform

win11-20240419-en

Max time kernel

297s

Max time network

310s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43402\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4340 wrote to memory of 3612 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 3612 wrote to memory of 3968 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 3612 wrote to memory of 1300 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 3968 wrote to memory of 4512 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 3612 wrote to memory of 2312 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI43402\geckodriver.exe
PID 2312 wrote to memory of 4204 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43402\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe
PID 4204 wrote to memory of 2944 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe
PID 2944 wrote to memory of 3444 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI43402\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI43402\geckodriver.exe --port 50006 --websocket-port 50007

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3CP6Dq

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3CP6Dq

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" -contentproc --channel="2944.0.919253022\2106096426" -parentBuildID 20240416150000 -prefsHandle 1688 -prefMapHandle 1680 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\browser" - {e3493e82-09af-49d3-981b-4db67e1c6bed} 2944 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" -contentproc --channel="2944.1.1207849802\641654984" -childID 1 -isForBrowser -prefsHandle 2736 -prefMapHandle 2732 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\browser" - {caf734a3-89f7-485c-94cc-528731c2b119} 2944 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" -contentproc --channel="2944.2.1337536553\737486660" -childID 2 -isForBrowser -prefsHandle 3116 -prefMapHandle 3112 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\browser" - {b3a55047-f7e5-45c0-8399-9280431217b4} 2944 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" -contentproc --channel="2944.3.58831679\1020740982" -childID 3 -isForBrowser -prefsHandle 3392 -prefMapHandle 3312 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\browser" - {120c6472-028d-4711-ae94-4aecc8df175d} 2944 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" -contentproc --channel="2944.4.441295323\1149700668" -childID 4 -isForBrowser -prefsHandle 3808 -prefMapHandle 3696 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\browser" - {80d3ace6-1676-448d-92dd-1c133abd2e47} 2944 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" -contentproc --channel="2944.5.1329691050\984090930" -childID 5 -isForBrowser -prefsHandle 3324 -prefMapHandle 3340 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\browser" - {c7c1f795-bfb8-498e-b607-3e0d58998cb5} 2944 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" -contentproc --channel="2944.6.17437893\612117250" -childID 6 -isForBrowser -prefsHandle 3156 -prefMapHandle 3120 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\browser" - {d1a5097d-5348-4051-9fa3-be3e2629fc2f} 2944 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" -contentproc --channel="2944.7.107458201\1014911574" -childID 7 -isForBrowser -prefsHandle 3340 -prefMapHandle 3156 -prefsLen 25491 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\browser" - {065232af-1e78-443a-8b36-60c7563a241c} 2944 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43402\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI43402\geckodriver.exe --port 50006 --websocket-port 50007

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1iZvCa

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1iZvCa

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" -contentproc --channel="716.0.1352354143\1855347048" -parentBuildID 20240416150000 -prefsHandle 1692 -prefMapHandle 1668 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\browser" - {5c1cc179-7407-456c-addc-0cb4e3890833} 716 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" -contentproc --channel="716.1.845271577\98367383" -childID 1 -isForBrowser -prefsHandle 2192 -prefMapHandle 2448 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\browser" - {da59377e-a09f-47a9-882e-9e06b5015c68} 716 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" -contentproc --channel="716.2.1137229131\1915369683" -childID 2 -isForBrowser -prefsHandle 3052 -prefMapHandle 3044 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\browser" - {18985969-930f-43c0-ab86-4f2645676b07} 716 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" -contentproc --channel="716.3.717069953\1207092983" -childID 3 -isForBrowser -prefsHandle 3576 -prefMapHandle 3496 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\browser" - {44b8d5d0-7295-42a4-ac76-552d071822a8} 716 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" -contentproc --channel="716.4.898396423\2034548767" -childID 4 -isForBrowser -prefsHandle 3760 -prefMapHandle 3280 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\browser" - {951ae56a-81bc-4fa0-9242-de123c8ac1da} 716 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" -contentproc --channel="716.5.1869534046\107153689" -childID 5 -isForBrowser -prefsHandle 3064 -prefMapHandle 3832 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\browser" - {265240ca-37e8-4ffc-9142-f10d119301be} 716 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" -contentproc --channel="716.6.259132111\25026383" -childID 6 -isForBrowser -prefsHandle 4044 -prefMapHandle 4048 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\browser" - {24cc0b7b-2333-46f3-b253-a708052ca091} 716 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43402\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI43402\geckodriver.exe --port 50006 --websocket-port 50007

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileviDNYF

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileviDNYF

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" -contentproc --channel="2320.0.1106302937\894983197" -parentBuildID 20240416150000 -prefsHandle 1692 -prefMapHandle 1684 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\browser" - {4fcdb907-1830-4311-b871-49d81a2ab35b} 2320 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" -contentproc --channel="2320.1.973534538\1283096431" -childID 1 -isForBrowser -prefsHandle 2684 -prefMapHandle 2856 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\browser" - {9b2a54b6-c923-4d69-86c7-9a1a664fe6fc} 2320 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" -contentproc --channel="2320.2.1394937713\980057631" -childID 2 -isForBrowser -prefsHandle 3104 -prefMapHandle 3100 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\browser" - {2bc7f8ad-06a8-4148-8949-6c2118aa74ad} 2320 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" -contentproc --channel="2320.3.2065323930\1067763098" -childID 3 -isForBrowser -prefsHandle 3524 -prefMapHandle 3464 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\browser" - {7d01fc12-a4b1-43fc-befc-f2c3eb1d5332} 2320 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" -contentproc --channel="2320.4.221061726\1499266667" -childID 4 -isForBrowser -prefsHandle 4084 -prefMapHandle 3140 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\browser" - {b17ce0e9-53fa-4703-9822-a3ec1b9c41b6} 2320 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" -contentproc --channel="2320.5.1244763680\1233958207" -childID 5 -isForBrowser -prefsHandle 4200 -prefMapHandle 4196 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\browser" - {72dfb5a9-bdec-4b8d-903f-dfe915206a1d} 2320 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" -contentproc --channel="2320.6.457391877\2075402240" -childID 6 -isForBrowser -prefsHandle 4384 -prefMapHandle 4388 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\browser" - {a1aad640-1b91-4059-a79b-8615fafd6e15} 2320 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" -contentproc --channel="2320.7.1517055774\2042809798" -childID 7 -isForBrowser -prefsHandle 4204 -prefMapHandle 4572 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\browser" - {5ef1f362-80d7-47a9-82b7-53a9dfd7c55b} 2320 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43402\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI43402\geckodriver.exe --port 50006 --websocket-port 50007

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileUQ4QtO

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileUQ4QtO

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" -contentproc --channel="4840.0.2116710853\479365201" -parentBuildID 20240416150000 -prefsHandle 1700 -prefMapHandle 1692 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\browser" - {d75c5151-cdd7-4598-ad9c-85a2923739c5} 4840 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" -contentproc --channel="4840.1.668475553\1638840071" -childID 1 -isForBrowser -prefsHandle 2292 -prefMapHandle 2820 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\browser" - {0305d094-282d-4745-bc37-102d24fefd0e} 4840 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" -contentproc --channel="4840.2.953419833\1554386058" -childID 2 -isForBrowser -prefsHandle 3080 -prefMapHandle 3076 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\browser" - {ea2315a4-41b7-4e2a-8afd-1b8b5439d6d0} 4840 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" -contentproc --channel="4840.3.1871855125\119094839" -childID 3 -isForBrowser -prefsHandle 3492 -prefMapHandle 3476 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\browser" - {2dc2269a-a834-4997-8c48-c4555ce0afd3} 4840 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" -contentproc --channel="4840.4.686327398\1671333844" -childID 4 -isForBrowser -prefsHandle 3468 -prefMapHandle 3464 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\browser" - {1bb68b5e-c2d2-4d6c-bd47-e79f032f52d9} 4840 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" -contentproc --channel="4840.5.1774234383\1898739031" -childID 5 -isForBrowser -prefsHandle 4056 -prefMapHandle 4052 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\browser" - {ded54108-8a97-4aa2-9300-8922b3cc6cfa} 4840 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" -contentproc --channel="4840.6.1185174560\262003992" -childID 6 -isForBrowser -prefsHandle 4208 -prefMapHandle 4216 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\browser" - {b6700483-b4c4-4455-897a-7ee6a543947f} 4840 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" -contentproc --channel="4840.7.1978839603\449912151" -childID 7 -isForBrowser -prefsHandle 4496 -prefMapHandle 3048 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\browser" - {40e80130-c9b5-440b-9ca2-d585768026fa} 4840 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43402\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI43402\geckodriver.exe --port 50006 --websocket-port 50007

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJulh9r

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJulh9r

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" -contentproc --channel="4576.0.1921897076\1232084576" -parentBuildID 20240416150000 -prefsHandle 1692 -prefMapHandle 1684 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\browser" - {7bbea34b-2cc7-4e3a-a0a2-6d7cefca4c0d} 4576 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" -contentproc --channel="4576.1.1729336446\578626463" -childID 1 -isForBrowser -prefsHandle 2520 -prefMapHandle 2824 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1376 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\browser" - {c3377335-3f66-467f-b517-3643a53afdf5} 4576 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" -contentproc --channel="4576.2.1874077230\1448033958" -childID 2 -isForBrowser -prefsHandle 3080 -prefMapHandle 3076 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1376 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\browser" - {85f97fb6-875f-4f58-9775-e4f4dd4eef7b} 4576 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" -contentproc --channel="4576.3.1787899960\1998845177" -childID 3 -isForBrowser -prefsHandle 3400 -prefMapHandle 3212 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1376 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\browser" - {0ed6d23a-8e9d-44b7-bae3-2108668b26a4} 4576 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" -contentproc --channel="4576.4.921466778\503458084" -childID 4 -isForBrowser -prefsHandle 3188 -prefMapHandle 3184 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1376 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\browser" - {b549d346-a0aa-4272-a86d-8ed9730f50dc} 4576 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" -contentproc --channel="4576.5.917882607\796447252" -childID 5 -isForBrowser -prefsHandle 3304 -prefMapHandle 3136 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1376 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\browser" - {2bbd1512-c7c4-4995-b876-31e191b76e2a} 4576 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" -contentproc --channel="4576.6.442805580\51372668" -childID 6 -isForBrowser -prefsHandle 4020 -prefMapHandle 3932 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1376 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\browser" - {a0b776e6-6b2d-4b47-a7a7-9891b9d18341} 4576 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" -contentproc --channel="4576.7.916211156\102441962" -childID 7 -isForBrowser -prefsHandle 2688 -prefMapHandle 2684 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1376 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\browser" - {84ab4abe-e130-4c7c-948b-33f0e40da59d} 4576 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" -contentproc --channel="4576.8.773947450\1263564438" -childID 8 -isForBrowser -prefsHandle 2688 -prefMapHandle 2684 -prefsLen 25367 -prefMapSize 245849 -jsInitHandle 1376 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\browser" - {9b7dc642-7f37-437b-8ff4-915d322bfcff} 4576 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43402\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI43402\geckodriver.exe --port 50006 --websocket-port 50007

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3dFeuz

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3dFeuz

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" -contentproc --channel="2260.0.2126967958\348241373" -parentBuildID 20240416150000 -prefsHandle 1700 -prefMapHandle 1680 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\browser" - {ea0efde5-0f78-460e-ad71-7c407157195f} 2260 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" -contentproc --channel="2260.1.1357064975\534970490" -childID 1 -isForBrowser -prefsHandle 2572 -prefMapHandle 2948 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\browser" - {afb81f5b-4526-482e-b45e-4c916165af72} 2260 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" -contentproc --channel="2260.2.1761722311\1864770921" -childID 2 -isForBrowser -prefsHandle 3076 -prefMapHandle 3068 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\browser" - {f81c90c5-a80a-49e3-8368-c87e0bdc188b} 2260 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" -contentproc --channel="2260.3.159014830\948377607" -childID 3 -isForBrowser -prefsHandle 3552 -prefMapHandle 3556 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\browser" - {374482ee-3fde-4236-b94c-fa5a5e430615} 2260 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" -contentproc --channel="2260.4.395496191\1156285569" -childID 4 -isForBrowser -prefsHandle 3788 -prefMapHandle 1560 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\browser" - {df601fd1-17be-4f29-a2e9-634184b548d0} 2260 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" -contentproc --channel="2260.5.430849606\1031060845" -childID 5 -isForBrowser -prefsHandle 4024 -prefMapHandle 4020 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\browser" - {f3d110e8-c6f6-445f-97b1-4a3559672e08} 2260 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" -contentproc --channel="2260.6.1509911034\431382756" -childID 6 -isForBrowser -prefsHandle 3996 -prefMapHandle 4004 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\browser" - {76fa67cb-955d-40b5-9618-5776b8682ca4} 2260 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" -contentproc --channel="2260.7.909457598\789250840" -childID 7 -isForBrowser -prefsHandle 4468 -prefMapHandle 4152 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\browser" - {cbe77335-72e0-457d-920b-f4785e787251} 2260 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe" -contentproc --channel="2260.8.680911417\890242371" -childID 8 -isForBrowser -prefsHandle 4260 -prefMapHandle 4256 -prefsLen 25491 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\browser" - {b2334e29-4597-4c9d-86be-921dd7c49115} 2260 tab

Network


Files

C:\Users\Admin\AppData\Local\Temp\_MEI43402\python38.dll

C:\Users\Admin\AppData\Local\Temp\_MEI43402\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI43402\base_library.zip

C:\Users\Admin\AppData\Local\Temp\_MEI43402\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI43402\libffi-7.dll

C:\Users\Admin\AppData\Local\Temp\_MEI43402\_bz2.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI43402\_lzma.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI43402\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI43402\pyexpat.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI43402\_ssl.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI43402\_queue.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI43402\_hashlib.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI43402\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI43402\nss3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI43402\mozavutil.dll

C:\Users\Admin\AppData\Local\Temp\_MEI43402\_socket.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI43402\top-1m.csv

MD5 ba0857be5e9736dde1f5cc44edd5d21b
SHA1 b130759907909cc97bfe0d9a1fd65b8942c931aa
SHA256 7800cdef850c31931b2b520a42f858c4feb5ca86d6b3789e6173a02e909595ca
SHA512 08446902bc588e323b8fc551502ff869be6c2bb64f788d1bebfcc30a04c3e589b0616e84fc55de3d81d7b19b26e690024a442e6a27096808bc613bcecf3f6db4

C:\Users\Admin\AppData\Local\Temp\_MEI43402\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

C:\Users\Admin\AppData\Local\Temp\_MEI43402\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI43402\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

C:\Users\Admin\AppData\Local\Temp\_MEI43402\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

C:\Users\Admin\AppData\Local\Temp\_MEI43402\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 47539d0337e97e22a728afc2638d461f
SHA1 d97b37079543b33b9b605c787945f809aed66fd6
SHA256 262e52c5bbaa9bcd2dfcb4cf7da83a1efa95ebd0299f82031ad31a6ab19405a5
SHA512 3810ebe80173d41785a42459fc5c4a8a31e56294f2c03fe99416925a34d242b88023565057201c9b6dcbdb97c8396d8305a723c0e31bb5b560b031b299672d4a

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\tmp6fshdcil\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus

MD5 80e882ce8268212cf4db9fbe44f95336
SHA1 85abc152168a20d8db2c6501aa43a97ea72efc8c
SHA256 32c7fa19bdf922f35368bbda1fd91b30fae89f7e8615c8224901e4e3454ee937
SHA512 eb6fc2086c0c5b1e2207c675e49713961246559ade42f65f5e1d51e6139e503eacceaa57542664f7161dc320df0403d90bc85e499aa2d0f09c4a3d4236920cd5

C:\Users\Admin\AppData\Local\Temp\_MEI43402\Tor Browser\Browser\firefox.exe

MD5 65aa9b0f57d72e4d70e9226322221adc
SHA1 85fec174d0977afd8c0100c9d9b53c958e1949bf
SHA256 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410
SHA512 f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 60565f08d3ea29f69bdfa9e3f4aca28f
SHA1 a84b2f820e00af31a70b6a3707cb05aa595fdc1f
SHA256 9a8cba091ed052d92224f4997433738adbe5c25ffa36a8c7dd04962ae311429d
SHA512 4cce5d6d24d44758e6a473c5293c0e9e5f786faf8ad9b160cb23582559284d256eda10e621abf5c9f23c3aa850f93c328a2610d62c64887a564c2901f7f203ee

memory/3296-500-0x00007FFDEAF00000-0x00007FFDEAF01000-memory.dmp

memory/3296-499-0x00007FFDEBF20000-0x00007FFDEBF21000-memory.dmp

memory/4060-534-0x000001F324B60000-0x000001F324BCF000-memory.dmp

memory/4060-535-0x000001F325100000-0x000001F325478000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3CP6Dq\prefs.js

MD5 97c9cc54995dd15e60f0c9600df2ad65
SHA1 56999166c983e371e71ac03ee0080daf99f93f75
SHA256 0846e3eb45ffef259529b8815b3735b5661e0c76fac16fab99b76a93827f64ca
SHA512 c7ad8fab9fe6e256e4ba3eeb38b8d89662730b35460caa51f0cebcd01128f0b5a9ae28b67da24475209dd5fb2d90f3da48393d75c174e90bc6fbe24e5df65dda

memory/2944-556-0x00000287D8800000-0x00000287D8810000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3CP6Dq\extensions.json

MD5 1a93bf1ef0a09713cefdba6ca2fd65e3
SHA1 593f600387e0766edcad99b5cfd9b271f733e1b6
SHA256 812cb884bb54512ddc9e96dbcfa2ea38caa60daba9bbe46721be47603e0bc691
SHA512 fd5f25e15275d0ee22ad49ba38f908aef26bb2c5fac0d9075b4794c3206398cef0baedaa4eeee3dd6b643eb6e406d6948e7a25538801ef0620957c6a03468a1d

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3CP6Dq\prefs-1.js

MD5 7ca41e444dbfab9918176cad5a7ace9a
SHA1 e8a493e1f497134b06a070f77af376de93ce189e
SHA256 3fff8869e52ed9a91ba225b77eb6c90a0e137da949daaef0de49de919671e98b
SHA512 8cb99b2e135249551e6c1972be0a78d1f7482a0fbeb0183ccb44e91f683a420ecf29e5b05773603133ab4c580e80f141ef629f08898d11c7d5d578e22f2fc2bc

memory/3296-616-0x0000020A96FF0000-0x0000020A9705F000-memory.dmp

memory/3296-617-0x0000020A97600000-0x0000020A97978000-memory.dmp

memory/5032-618-0x0000026832470000-0x00000268324DF000-memory.dmp

memory/5032-619-0x0000026832A00000-0x0000026832D78000-memory.dmp

memory/1332-620-0x000001E21A3C0000-0x000001E21A42F000-memory.dmp

memory/1104-623-0x000001648FE00000-0x0000016490178000-memory.dmp

memory/2768-625-0x000001EE34200000-0x000001EE34578000-memory.dmp

memory/2768-624-0x000001EE33C20000-0x000001EE33C8F000-memory.dmp

memory/1332-621-0x000001E21AC00000-0x000001E21AF78000-memory.dmp

memory/1104-622-0x000001648F750000-0x000001648F7BF000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3CP6Dq\prefs-1.js

MD5 9a151d0fff4d26ecf6ccb3b4cb6b83dc
SHA1 8dd3f5128e683384fa4316d54710e7bf3fd4b0de
SHA256 fe74d4e591f6624e28901eec6993cf298095c9fdb76062e029af4580e3ad42be
SHA512 b9a1c9e52ab7d9cbad035060c5299985096fcc752b4f272b7aa4451a684bbd96769134708dfb7dd7cb67f347d04ef8e131ec995ce3a0c4d3544d7d82c5fa2cd6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3CP6Dq\prefs-1.js

MD5 ed45dbac2118505c7e2426bf4d738815
SHA1 4583ff4e6eb33ddc679a428edfeff13b8fffa3e3
SHA256 b166abeddccfc578b135609c007f1cefdca4fc890641ea8b7d8fbf51e38dfe09
SHA512 b3eb67a959062a27328e9d904087a6c41f86f4123c3effda2f6aedba84c1210b58d7ef0af24f92be3d17546a9916c6433aa3a14b66b33e5848744f89e453a945

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3CP6Dq\prefs.js

MD5 58ae36bb4105cf768829ee38ca92832b
SHA1 c4ca97ee9a65a89eca7ebc4d6326c2a93159abba
SHA256 08e6206aed7735d5be29555c2185f7fd8081a8aea2d672db09630ef301ba1f87
SHA512 788c13ca303eadd1aa056316000017d183cd655bea8d09f2fd6989f8e398fc520bfa8aa25bbb631469576132079ca312f05a5037d72d73bdfae38dec082dc57c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1iZvCa\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1iZvCa\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1iZvCa\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1iZvCa\startupCache\webext.sc.lz4

MD5 1064fceb2443b4852bf9a0fcc46efb2d
SHA1 b2d358bcb336e924f684e9cce5c95adf1c8eb440
SHA256 0ceb2a20ec4e75f2e13fcf7bc0682db4195c6c60f45d640b55e12cddc97b01dc
SHA512 b555106f35963a2aad42521c3b65cfc31dd9729ea3a08a432d05fc149587394b94e0be7ac5511878ac11021d2b0e45962cf7de05efa874b19dc3589d1140f1a7

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1iZvCa\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1iZvCa\prefs-1.js

MD5 824bf25151556ec8dd6e37655f3e179d
SHA1 652261e8d919314e700eb5e17f67d57301d2eea3
SHA256 bfb30d64fd5d4ac153305eeaf6d5a4c845834017f51d17c520ef050526028259
SHA512 0e0b1bf74568a30ad72858a1a79912b811ace60c8e7a81482d1d05cdaaad8d6472094e4a8d09f6eaaf9c24647bf7d23a637d4f70536904ce3d26ee105540a54d

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1iZvCa\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1iZvCa\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1iZvCa\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1iZvCa\datareporting\glean\db\data.safe.tmp

MD5 7fba44cb533472c1e260d1f28892d86b
SHA1 727dce051fc511e000053952d568f77b538107bb
SHA256 14fb5cda1708000576f35c39c15f80a0c653afaf42ed137a3d31678f94b6e8bf
SHA512 1330b0f39614a3af2a6f5e1ea558b3f5451a7af20b6f7a704784b139a0ec17a20c8d7b903424cb8020a003319a3d75794e9fe8bc0aeb39e81721b9b2fdb9e031

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileviDNYF\user.js

MD5 350caf143499628da6207499e1a8a6e6
SHA1 191db005d42cf76e3b5306dd324a9775016bde7a
SHA256 79b595331d1d70f227e23872185f6968c8dbb87e94a0b7d7107ea0c732b04183
SHA512 c3f67293ebd9be2ecc89d8d7dd437e1dcef45000c508c128335544505b106506bee2ed0d445a8e33de0123b2be065bbe9ba092548f4821dffc0409eff338966e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileviDNYF\prefs.js

MD5 ace28ed1d7b81923d34c3285a73b489a
SHA1 8b70993af0f8c3f639f179d9271371052672a1fe
SHA256 47ddd73cb333572cdae2f7c55eebc1435b97950bc263cf3e2a1e9a8578e71ffd
SHA512 12831472252a7e78fbfa93133c60dc7af5cd1392721a476bc4001310a3b138e17e453a7a6f85494aad3fc7492c638598365f20ad4ef18f353f7f90849b16a6ee

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileviDNYF\datareporting\glean\db\data.safe.tmp

MD5 1c3c58f7838dde7f753614d170f110fc
SHA1 c17e5a486cecaddd6ced7217d298306850a87f48
SHA256 81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d
SHA512 9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileviDNYF\prefs-1.js

MD5 eeba6aeadeaadc9e0df466bb76522741
SHA1 15f60a1506a282e2a2431973d63a0acbe8484651
SHA256 08baf6d00c27a49cfce299e08f4ef2cb3b0e8b40324e868a45f30f600e502138
SHA512 6786489068a1d4c9326a9abc456b59eb1b510777bd8d1349c7a7ae760b65b4a32ce852473c9fd5d4e2acde95a93456dff4b5bd81233a9a1dcba6f3c66d3bd569

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileviDNYF\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileviDNYF\prefs-1.js

MD5 967c93e30bb3723fd945d865d22d9445
SHA1 3a5561e9b47f960100f55c03ca5150905976cc82
SHA256 58d704eb16f3d69795f32444e5ddfa66d2e047a6db65a231f83e15e848f13921
SHA512 6d79724c72d865606c85024f7d9e94c4615e5d6fc6a09c8b84474bcbaac3b600dcd3ad424b83128c31a7003bfff6e0109f9afd98da925ebc8fe186cadab55232

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileUQ4QtO\datareporting\glean\db\data.safe.tmp

MD5 7d3d11283370585b060d50a12715851a
SHA1 3a05d9b7daa2d377d95e7a5f3e8e7a8f705938e3
SHA256 86bff840e1bec67b7c91f97f4d37e3a638c5fdc7b56aae210b01745f292347b9
SHA512 a185a956e7105ad5a903d5d0e780df9421cf7b84ef1f83f7e9f3ab81bf683b440f23e55df4bbd52d60e89af467b5fc949bf1faa7810c523b98c7c2361fde010e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileUQ4QtO\prefs.js

MD5 d2df6dd154b6a4701ab412129273dd0e
SHA1 a1c7696894611ef0be284825d9f777cf5b447117
SHA256 74148c63770759099ae041e0a091458b20c47b2334cad7ebcb9a372635ff9f12
SHA512 4f1d7e5c94381ea229ba3411c830cb10c4feb4301e2b9da11fc43a96e95714c615e459e8acee7bde8347993944ab4cbd77356575c9740c5a2ad295238ebd9cd4

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileUQ4QtO\prefs-1.js

MD5 0d218ebe50cb931b5abe9a5d0873fdf2
SHA1 ab44adb87cfa81b0fb3acd78f3007dd59a268c6b
SHA256 1420eb94df0497083d9aaa784566d7e3adbac1e5e10ba3b551c6a78b1bbd722f
SHA512 34ed2495fff88469d20afc21a060801d6278e4ada700f8328bf664c4a552b8fe16d23ac47183d0254eef595d8bfa825a51375a16ff2149317e71d6d1fc78d0fc

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileUQ4QtO\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileUQ4QtO\prefs-1.js

MD5 8ed8f9b317304f5b6805efa9fcac74d4
SHA1 46235280a96f380c7e495b89c51ab41a5dc9e639
SHA256 becb573ecec5995b52c564dd227207a3a0682e270ab31ab72b627591f0d7770a
SHA512 84d7690662ad9d5d1684cc29d40687e5f11e0df45948fd3b0c0deb2d34cc41ade262d828011293747415e8403637711f6d98416855244239620a75e2f9dd6aeb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJulh9r\compatibility.ini

MD5 38ebb748ac3902eae6021ef9bc20f3b6
SHA1 ed03ea1ba3ecb3443980b1ef5d1e3e7f89266828
SHA256 0bea846303da7d4c643d62caa05dfabae5c62bef7dc36ede85b58a5a8187f9de
SHA512 6cfc02d40f30611e8d3de06f02d815bd6449068f1c75a80b7f2c7f8899f5ee05380ff91cd20707d4d778f5be2b0918962356bb21ed7f58b726dc0edb19693dad

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJulh9r\WebDriverBiDiServer.json

MD5 0cef5cb2c2455e6fa208a9992e2056f0
SHA1 31e90336ba2bb4817e7dc03d7b17db518b912858
SHA256 8698fc7ce51b1a39dabdf354ba91970fa5bc48a83d0f4fcfdbb31c03d7040820
SHA512 8646e3621f4c679d62020f44c42cecf475474743df5f55da0b64f068e8baebb601dac6a5f09577d4554805118480ce3d39451c24d4ef48129a426ad9d29d316c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJulh9r\prefs-1.js

MD5 e7d1462ca682afc96491b9a701c606ef
SHA1 f7b4bf7f4303f3258898eaeb58b074e1f9246a08
SHA256 2fd21f4fb4ab5b08600f7f4125745fb1a73570546189d3ccc7cfa8ac2fe3c53d
SHA512 8dc24c2f06306b208ebac3475696c5b47e0e53a438848528eeafff204a88d39710200e99efaa6b8e1224eb68ca491045cd9378c9b807dc5d5183189aff08ca2e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJulh9r\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 114322c00217fd0fd92e105ff686b935
SHA1 660bc1c23cf980cd716d653e1a44951f54fb9d9d
SHA256 3777631d847a7d345bbeb9d6e04c02dd5b76e04e7aaf667326d281d0c776e8a0
SHA512 a609f2297072a1b2b45392051c0711c5892cf2a26b3ecc8c66da301c27d188c9be68a33ff7b970f1bf94d6fcd9e3d9521b7d383fc514c456f5daa7be46a0613c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJulh9r\prefs-1.js

MD5 6f165199f4c2b48d71e47388377bd964
SHA1 1fa1213a83f3d7b1789a4dab07fcff0c1789bd46
SHA256 bbbfd3460e4f48c8e80849019a023ee85f8ca626fcaf87f9a05e699e53ff0f7b
SHA512 84686e7eb35da9f5d53c9fde7dde4ece5460e3669beb1a62e610ebf25c58a66b4b20db6b7acfed4927c2b019713e493023c0ce49ac13eec3b171878bba91fc18

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJulh9r\storage-sync-v2.sqlite

MD5 bff4d6361e4126d963ab7dffdc7550ce
SHA1 e2660c2f00b0aef4a81972c6a6093935d5aa40d5
SHA256 ad0828e5ff9d4188151772cd9af85827a431d122901486590c5734b62b4af2d2
SHA512 8d967c085d343d50a76cf14e88ed2fb742a7195034ddbaacd57d2c47abf0218a5f6878528a8f37c8f3b61496f61b5e254d205003af87a3cf156ba12ea59f65bc

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJulh9r\content-prefs.sqlite

MD5 b15425d1f21f5708184e35493e63c8a1
SHA1 e944c1fdf56a3f6a5150b77980e89d48c7b57be2
SHA256 7a9012d1846763fe9dcb059035972a023ec29f2b9c03f865f0a6f6df6ef2a6c0
SHA512 6b54e30e0a060261bdac98ef818d1053fbabf0d6b8a17efc729942729ed6e6dddb29063b079ddb1dcd1b4edfc85a0311cf821b4b3291372c834a00733456423f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJulh9r\datareporting\glean\db\data.safe.tmp

MD5 c58234a092f9d899f0a623e28a4ab9db
SHA1 7398261b70453661c8b84df12e2bde7cbc07474b
SHA256 eaec709a98b57cd9c054a205f9bfa76c7424db2845c077822804f31e16ac134c
SHA512 ae2724fc45a8d9d26e43d86bcc7e20f398d8ab4e251e89550087ace1311c4d2571392f2f0bed78da211fcb28766779c1853b80742faa69f722b2c44c283569fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3dFeuz\prefs-1.js

MD5 16d000fc41b45f187d749ab30e9f3a7a
SHA1 6976fa35156c16b9989b511f594a576320ce78f8
SHA256 4c80015f33cf36b0f1d3223bc75eebb6178d0b214098a6893caf1f1a22351870
SHA512 5ed61a421b72ff2c0a3bfe03747e09b6431396f9104364f520ec3526331af5412fdfc8d635e32c46e57434e959a95c62e83131ebce2f729cc4ed71057bf689ac

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3dFeuz\prefs-1.js

MD5 83022141b3cebecf4746f25470b55021
SHA1 697569ee8c7b3fb2cef2422533db78c504369492
SHA256 80e10f857f79bf292fd36c8782ca207fd9d8e8e8fa8ab3c000c111a4d76805c5
SHA512 bc14b194e2025d876dd77212d02059c8bd0a229ca11f1d29d0c4ec1bbda9786558eb6306426f9e30b6fc12f4721d17f4104826cd2acc609c43bc5a5889594566

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-09 01:55

Reported

2024-05-09 02:07

Platform

win7-20240221-en

Max time kernel

300s

Max time network

304s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21762\geckodriver.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21762\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21762\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21762\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21762\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21762\geckodriver.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21762\geckodriver.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2176 wrote to memory of 592 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 592 wrote to memory of 1672 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 592 wrote to memory of 1196 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 1672 wrote to memory of 1172 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 592 wrote to memory of 1728 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI21762\geckodriver.exe
PID 1728 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21762\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe
PID 2824 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe
PID 2840 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI21762\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI21762\geckodriver.exe --port 49465 --websocket-port 49466

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9CwujC

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9CwujC

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2840.0.1570763753\688944362" -parentBuildID 20240416150000 -prefsHandle 1216 -prefMapHandle 1208 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\browser" - {b186b0d5-f5b3-49ab-8490-eb7438ef59d2} 2840 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2840.1.409807480\1774006495" -childID 1 -isForBrowser -prefsHandle 1864 -prefMapHandle 1984 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 884 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\browser" - {f0c567ed-fa6c-4dd4-9997-38bb67a9c66f} 2840 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2840.2.1528592481\200868559" -childID 2 -isForBrowser -prefsHandle 2268 -prefMapHandle 2264 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 884 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\browser" - {f75fef08-fd6c-48f9-b1cc-a91892fb2c0a} 2840 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2840.3.71925681\2107482861" -childID 3 -isForBrowser -prefsHandle 2360 -prefMapHandle 2372 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 884 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\browser" - {dbfaec0c-ceee-43b3-b127-4f00ad31ee8c} 2840 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2840.4.1303839266\1749861374" -childID 4 -isForBrowser -prefsHandle 2840 -prefMapHandle 2836 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 884 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\browser" - {a1c3bfd1-514c-456f-bcf9-05aa0c39e9d8} 2840 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2840.5.640882862\182576488" -childID 5 -isForBrowser -prefsHandle 2964 -prefMapHandle 2968 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 884 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\browser" - {1f4505b0-0e6e-4fec-b446-8812df850d4d} 2840 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2840.6.1967568186\1605334545" -childID 6 -isForBrowser -prefsHandle 3124 -prefMapHandle 3128 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 884 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\browser" - {d7710e37-af91-4991-a6e0-684bf8bf7843} 2840 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21762\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI21762\geckodriver.exe --port 49465 --websocket-port 49466

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezlVcfP

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezlVcfP

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2572.0.200295412\1110204925" -parentBuildID 20240416150000 -prefsHandle 1204 -prefMapHandle 1196 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\browser" - {ca78cdae-bd48-4eaf-bcdf-aff7c86b5b8e} 2572 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2572.1.1103165738\2109505000" -childID 1 -isForBrowser -prefsHandle 2096 -prefMapHandle 1992 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 876 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\browser" - {1e607d70-b277-4ea0-9d0a-547ed48e89f4} 2572 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2572.2.354907887\475210926" -childID 2 -isForBrowser -prefsHandle 1944 -prefMapHandle 2208 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 876 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\browser" - {3cab219e-1402-4840-a32f-bf4f9d5f9582} 2572 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2572.3.1855452211\635493443" -childID 3 -isForBrowser -prefsHandle 2516 -prefMapHandle 2520 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 876 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\browser" - {501bf680-3025-4b73-b2e9-0e8a650c8dc5} 2572 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2572.4.532113379\161276579" -childID 4 -isForBrowser -prefsHandle 1088 -prefMapHandle 1080 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 876 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\browser" - {9bd5f3bc-592d-4166-9d3b-2861da852dea} 2572 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2572.5.28140327\899707952" -childID 5 -isForBrowser -prefsHandle 2904 -prefMapHandle 2908 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 876 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\browser" - {8582434e-e3e2-4d5f-920d-27e468a91b79} 2572 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2572.6.196988896\84735220" -childID 6 -isForBrowser -prefsHandle 3060 -prefMapHandle 3064 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 876 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\browser" - {9a76bce0-e61e-4908-a139-92ba0fa95fcc} 2572 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2572.7.1260110236\197467159" -childID 7 -isForBrowser -prefsHandle 7588 -prefMapHandle 7592 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 876 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\browser" - {c43f5a3d-99e3-4b70-ab73-67761c42c14b} 2572 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2572.8.1749415817\942838613" -childID 8 -isForBrowser -prefsHandle 2748 -prefMapHandle 2752 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 876 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\browser" - {15ed293a-972a-499b-b09b-a6f4da7b8e03} 2572 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21762\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI21762\geckodriver.exe --port 49465 --websocket-port 49466

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQwzZCz

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQwzZCz

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2852.0.892724801\1663896738" -parentBuildID 20240416150000 -prefsHandle 1208 -prefMapHandle 1200 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\browser" - {665a9200-c560-4bce-ba5c-e54a12690667} 2852 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2852.1.473860322\470221293" -childID 1 -isForBrowser -prefsHandle 940 -prefMapHandle 616 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 864 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\browser" - {a0e96e66-cc59-4361-a974-f63863b15577} 2852 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2852.2.730132883\1013484390" -childID 2 -isForBrowser -prefsHandle 2200 -prefMapHandle 852 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 864 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\browser" - {1d3fa6da-a5a5-444d-b8e8-930a158c9c6f} 2852 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2852.3.36227773\1078121396" -childID 3 -isForBrowser -prefsHandle 2024 -prefMapHandle 2468 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 864 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\browser" - {0f368a73-6bd4-41de-b90d-af86a2124773} 2852 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2852.4.2098615552\1804015447" -childID 4 -isForBrowser -prefsHandle 2800 -prefMapHandle 2796 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 864 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\browser" - {2f301f62-13b5-4016-80aa-b905218223e6} 2852 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2852.5.343325942\939984344" -childID 5 -isForBrowser -prefsHandle 2920 -prefMapHandle 2924 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 864 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\browser" - {e8d4f783-2c62-4ef8-84d2-cfcc0fbbf2a3} 2852 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2852.6.1993201423\838624643" -childID 6 -isForBrowser -prefsHandle 3080 -prefMapHandle 3084 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 864 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\browser" - {badaa932-cf59-4541-afa3-2087d2967c0f} 2852 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2852.7.391306324\648758135" -childID 7 -isForBrowser -prefsHandle 3232 -prefMapHandle 3108 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 864 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\browser" - {dc888b7a-6b49-49bb-8931-02c9d522eb8a} 2852 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2852.8.236355488\1980559711" -childID 8 -isForBrowser -prefsHandle 3600 -prefMapHandle 3604 -prefsLen 25456 -prefMapSize 245849 -jsInitHandle 864 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\browser" - {76da11e1-1fc9-42cf-9b06-0ab482cd2657} 2852 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21762\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI21762\geckodriver.exe --port 49465 --websocket-port 49466

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiPeGnx

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiPeGnx

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2996.0.1236071386\1886534498" -parentBuildID 20240416150000 -prefsHandle 1216 -prefMapHandle 1208 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\browser" - {fec6913b-af2b-4ab1-8fc7-27e495702373} 2996 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2996.1.101124505\184873135" -childID 1 -isForBrowser -prefsHandle 1932 -prefMapHandle 1120 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\browser" - {42732dbd-1897-4de7-bc72-fb7e6fa634e6} 2996 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2996.2.2058138626\1417191865" -childID 2 -isForBrowser -prefsHandle 2248 -prefMapHandle 2244 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\browser" - {e427d165-5638-43d9-b9b5-17c663a10459} 2996 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2996.3.1375870298\13263234" -childID 3 -isForBrowser -prefsHandle 2252 -prefMapHandle 2292 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\browser" - {44af6474-c2c4-4fe6-adaf-47130a1ad90f} 2996 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2996.4.662935396\1590330377" -childID 4 -isForBrowser -prefsHandle 2700 -prefMapHandle 2688 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\browser" - {b4fc0d48-d24c-4af0-96ea-c289d4427d6f} 2996 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2996.5.2093232769\611232611" -childID 5 -isForBrowser -prefsHandle 2820 -prefMapHandle 2824 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\browser" - {25cc1a7e-594d-4930-9b4a-206f67c56e3a} 2996 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2996.6.16462318\1419277946" -childID 6 -isForBrowser -prefsHandle 2976 -prefMapHandle 2980 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\browser" - {5b3aea0b-06ff-4033-b1f7-2be92e16bca5} 2996 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2996.7.1084002785\1386576401" -childID 7 -isForBrowser -prefsHandle 3368 -prefMapHandle 3372 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\browser" - {cb9f9e27-4b90-474c-a1b9-573b57f512d3} 2996 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2996.8.229346458\1056835547" -childID 8 -isForBrowser -prefsHandle 3160 -prefMapHandle 1732 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\browser" - {87f329bd-f24e-4f9b-8f8c-b01c0193db9d} 2996 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2996.9.1967974646\1699058001" -childID 9 -isForBrowser -prefsHandle 7260 -prefMapHandle 7192 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\browser" - {454f1ea0-3611-48a2-be6e-f0f20f5ed78b} 2996 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2996.10.1086784968\1281826275" -childID 10 -isForBrowser -prefsHandle 1108 -prefMapHandle 840 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\browser" - {05b2e474-9124-4209-a713-c122d6ea7a10} 2996 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2996.11.1337422591\1784628922" -parentBuildID 20240416150000 -prefsHandle 3328 -prefMapHandle 1956 -prefsLen 27764 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\browser" - {7af8bbda-c0b1-4ebd-a501-40231cbcd211} 2996 rdd

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2996.12.853679736\1774456045" -parentBuildID 20240416150000 -sandboxingKind 1 -prefsHandle 1708 -prefMapHandle 7044 -prefsLen 27764 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\browser" - {4fd2e11a-33ae-4190-a869-83164881e44f} 2996 utility

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2996.13.378502215\882234331" -parentBuildID 20240416150000 -sandboxingKind 0 -prefsHandle 7136 -prefMapHandle 1952 -prefsLen 27764 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\browser" - {46c4c29a-be60-405d-aea3-3c11b1b07fe9} 2996 utility

C:\Users\Admin\AppData\Local\Temp\_MEI21762\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI21762\geckodriver.exe --port 49465 --websocket-port 49466

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileWHYAtu

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileWHYAtu

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2252.0.358531249\236960464" -parentBuildID 20240416150000 -prefsHandle 1208 -prefMapHandle 1200 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\browser" - {55df89cd-20f4-4e36-93ae-54ba16029b2a} 2252 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2252.1.627377669\1502418289" -childID 1 -isForBrowser -prefsHandle 2052 -prefMapHandle 2044 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 884 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\browser" - {9b9ecb6f-4c60-437b-afb9-7aa8d4c853ba} 2252 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2252.2.960973166\1107622587" -childID 2 -isForBrowser -prefsHandle 2364 -prefMapHandle 2368 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 884 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\browser" - {9d6d8596-6da8-4078-ac82-75f619dbe8cc} 2252 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2252.3.998852943\1329448502" -childID 3 -isForBrowser -prefsHandle 2400 -prefMapHandle 2232 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 884 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\browser" - {b3afb482-2063-4f99-96fa-8d08615c2a02} 2252 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2252.4.1591990311\45358421" -childID 4 -isForBrowser -prefsHandle 2796 -prefMapHandle 1096 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 884 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\browser" - {8c18955a-bcf9-4815-9ece-af4dca6cfdeb} 2252 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2252.5.544903707\1870425097" -childID 5 -isForBrowser -prefsHandle 2948 -prefMapHandle 2952 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 884 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\browser" - {fd872d4e-c3d2-443a-b885-8b47c9f775b9} 2252 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2252.6.1007946226\2127957581" -childID 6 -isForBrowser -prefsHandle 3044 -prefMapHandle 3048 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 884 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\browser" - {bd4ab8eb-1ab7-4ce6-abfa-60ae726e673d} 2252 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21762\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI21762\geckodriver.exe --port 49465 --websocket-port 49466

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNgKK4x

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNgKK4x

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2436.0.822217229\1292294870" -parentBuildID 20240416150000 -prefsHandle 1188 -prefMapHandle 1168 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\browser" - {3b305390-fcf7-4513-88af-911ef337c9a3} 2436 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2436.1.2134074033\1534881363" -childID 1 -isForBrowser -prefsHandle 1896 -prefMapHandle 960 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 860 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\browser" - {90846d23-79a5-48bc-a828-e38b12506f7b} 2436 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2436.2.956158785\1473394414" -childID 2 -isForBrowser -prefsHandle 2256 -prefMapHandle 2252 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 860 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\browser" - {83414275-2d38-4174-9c59-7a12689dd3c9} 2436 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2436.3.1223451884\1276242522" -childID 3 -isForBrowser -prefsHandle 2564 -prefMapHandle 2260 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 860 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\browser" - {202f82d8-6d3a-465d-9a08-bd052a8c39d3} 2436 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2436.4.1070146362\1992056265" -childID 4 -isForBrowser -prefsHandle 2848 -prefMapHandle 2852 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 860 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\browser" - {aa17452f-b131-4c31-b993-b3d95fe923ab} 2436 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2436.5.90723235\158559465" -childID 5 -isForBrowser -prefsHandle 2980 -prefMapHandle 2984 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 860 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\browser" - {c17736fe-a611-42c2-8f9b-af6390c4aef0} 2436 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2436.6.1636430017\1026536347" -childID 6 -isForBrowser -prefsHandle 3132 -prefMapHandle 2836 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 860 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\browser" - {2c8821f4-29c1-468d-a2de-25df5b1ebd90} 2436 tab

Network

N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:49465 tcp
N/A 127.0.0.1:49465 tcp
N/A 127.0.0.1:49465 tcp
N/A 127.0.0.1:52178 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:52213 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:49465 tcp
N/A 127.0.0.1:49465 tcp
N/A 127.0.0.1:49465 tcp
N/A 127.0.0.1:52632 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:52667 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI21762\python38.dll

\Users\Admin\AppData\Local\Temp\_MEI21762\VCRUNTIME140.dll

\Users\Admin\AppData\Local\Temp\_MEI21762\libffi-7.dll

\Users\Admin\AppData\Local\Temp\_MEI21762\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI21762\_lzma.pyd

\Users\Admin\AppData\Local\Temp\_MEI21762\_bz2.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI21762\base_library.zip

\Users\Admin\AppData\Local\Temp\_MEI21762\_socket.pyd

\Users\Admin\AppData\Local\Temp\_MEI21762\libcrypto-1_1.dll

\Users\Admin\AppData\Local\Temp\_MEI21762\_hashlib.pyd

\Users\Admin\AppData\Local\Temp\_MEI21762\select.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI21762\_ssl.pyd

\Users\Admin\AppData\Local\Temp\_MEI21762\libssl-1_1.dll

\Users\Admin\AppData\Local\Temp\_MEI21762\_queue.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\TorBrowser\Tor\tor.exe

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

C:\Users\Admin\AppData\Local\Temp\_MEI21762\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI21762\top-1m.csv

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI21762\pyexpat.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI21762\nss3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI21762\mozglue.dll

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

C:\Users\Admin\AppData\Local\Temp\tmphn2xkcq_\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI21762\mozavutil.dll

C:\Users\Admin\AppData\Local\Temp\_MEI21762\lgpllibs.dll

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI21762\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI21762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9CwujC\extensions.json

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9CwujC\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezlVcfP\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezlVcfP\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezlVcfP\prefs.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezlVcfP\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezlVcfP\startupCache\webext.sc.lz4

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezlVcfP\prefs.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezlVcfP\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezlVcfP\xulstore.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezlVcfP\sessionCheckpoints.json.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezlVcfP\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezlVcfP\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezlVcfP\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQwzZCz\user.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQwzZCz\startupCache\scriptCache-child-new.bin

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQwzZCz\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQwzZCz\broadcast-listeners.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQwzZCz\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiPeGnx\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiPeGnx\prefs.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiPeGnx\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileiPeGnx\prefs.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileWHYAtu\compatibility.ini

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileWHYAtu\WebDriverBiDiServer.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileWHYAtu\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileWHYAtu\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileWHYAtu\storage-sync-v2.sqlite

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileWHYAtu\content-prefs.sqlite

memory/2436-3335-0x0000000008F70000-0x0000000008F80000-memory.dmp

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-09 01:55

Reported

2024-05-09 02:07

Platform

win10-20240404-en

Max time kernel

300s

Max time network

308s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Renames multiple (51) files with added filename extension

ransomware

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1948 wrote to memory of 3840 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 1948 wrote to memory of 3840 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 3840 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 3840 wrote to memory of 2160 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 3840 wrote to memory of 4708 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 3840 wrote to memory of 4708 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 2160 wrote to memory of 1480 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 2160 wrote to memory of 1480 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 3840 wrote to memory of 3860 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\geckodriver.exe
PID 3840 wrote to memory of 3860 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\geckodriver.exe
PID 3860 wrote to memory of 828 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 3860 wrote to memory of 828 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 828 wrote to memory of 3516 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 828 wrote to memory of 3516 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 828 wrote to memory of 3516 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 828 wrote to memory of 3516 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 828 wrote to memory of 3516 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 828 wrote to memory of 3516 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 828 wrote to memory of 3516 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 828 wrote to memory of 3516 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 828 wrote to memory of 3516 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 828 wrote to memory of 3516 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 828 wrote to memory of 3516 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe
PID 3516 wrote to memory of 1916 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI19482\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI19482\geckodriver.exe --port 50041 --websocket-port 50042

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50042 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHYOKyB

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50042 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHYOKyB

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="3516.0.1822258934\1380862522" -parentBuildID 20240416150000 -prefsHandle 1480 -prefMapHandle 1472 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {f99998f3-b6e3-4ab2-8d45-b1719e21c938} 3516 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="3516.1.321508550\711798153" -childID 1 -isForBrowser -prefsHandle 2776 -prefMapHandle 2772 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {423cfb53-335a-42b0-b847-41fbd3091194} 3516 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="3516.2.1433710795\1758001403" -childID 2 -isForBrowser -prefsHandle 2988 -prefMapHandle 2984 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {c37eaaad-75e9-4dcb-a8e1-54e8afde2af8} 3516 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="3516.3.1591277280\98057234" -childID 3 -isForBrowser -prefsHandle 3392 -prefMapHandle 3396 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {f4dd53f8-b184-41bc-8e1b-a795df6e6bc6} 3516 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="3516.4.1991188014\2022366662" -childID 4 -isForBrowser -prefsHandle 3024 -prefMapHandle 3624 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {500c1941-ca8c-4c43-8d66-e46eacd9eefd} 3516 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="3516.5.483849719\1367530194" -childID 5 -isForBrowser -prefsHandle 3772 -prefMapHandle 3776 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {f5b5c9f7-722d-4458-bff3-5f539cbd36f4} 3516 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="3516.6.1814680963\1248002743" -childID 6 -isForBrowser -prefsHandle 3824 -prefMapHandle 3832 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {9e211760-ab15-488c-bba9-da5a44cd93ed} 3516 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="3516.7.725702486\5993260" -childID 7 -isForBrowser -prefsHandle 4232 -prefMapHandle 4248 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {32d9c7d6-6e81-4cc0-b58b-74b13862508d} 3516 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="3516.8.748601667\1775133799" -childID 8 -isForBrowser -prefsHandle 4536 -prefMapHandle 2332 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {72b18315-4749-46e2-b065-d4bd92da820a} 3516 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI19482\geckodriver.exe --port 50041 --websocket-port 50042

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50042 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilesslU2Z

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50042 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilesslU2Z

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4936.0.775300968\1460131164" -parentBuildID 20240416150000 -prefsHandle 1492 -prefMapHandle 1480 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {637d9f9c-9fc1-4613-b998-7cdf6596f5e5} 4936 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4936.1.1101508679\1979403801" -childID 1 -isForBrowser -prefsHandle 2460 -prefMapHandle 2456 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {1ca33321-539c-4c78-81e2-59c58a42e994} 4936 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4936.2.1218555334\1141120867" -childID 2 -isForBrowser -prefsHandle 2960 -prefMapHandle 2956 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {c49f602c-02d0-4c73-b7c3-b9d3fd94f5ea} 4936 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4936.3.1824852543\1544292720" -childID 3 -isForBrowser -prefsHandle 3520 -prefMapHandle 3524 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {e0fcbe61-b3e8-471b-bd69-e30868e4af53} 4936 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4936.4.360108384\490385053" -childID 4 -isForBrowser -prefsHandle 3820 -prefMapHandle 3816 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {e63fab65-957f-4b43-9a88-4cb17fd17c9d} 4936 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4936.5.930739759\532620519" -childID 5 -isForBrowser -prefsHandle 3964 -prefMapHandle 3968 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {774ab905-9d7f-49e5-9ece-ef28ff19a7ef} 4936 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4936.6.888420149\1399171276" -childID 6 -isForBrowser -prefsHandle 4024 -prefMapHandle 4028 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {6ea6dd5d-617f-4721-a960-d5b2c9c90655} 4936 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI19482\geckodriver.exe --port 50041 --websocket-port 50042

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50042 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileK3u1gs

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50042 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileK3u1gs

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1964.0.448077659\790806782" -parentBuildID 20240416150000 -prefsHandle 1480 -prefMapHandle 1456 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {9c3cdb4a-50a6-4f29-9ecb-a1410d72ec16} 1964 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1964.1.1853649518\608180298" -childID 1 -isForBrowser -prefsHandle 2456 -prefMapHandle 2172 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {836c746e-01fd-4df0-85fb-4a223c5ad8e6} 1964 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1964.2.269009683\1736003926" -childID 2 -isForBrowser -prefsHandle 2928 -prefMapHandle 2924 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {4babbfc6-77b6-4136-a5c1-16e15c7ad746} 1964 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1964.3.1121373818\1297225010" -childID 3 -isForBrowser -prefsHandle 2984 -prefMapHandle 3000 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {c912941d-a6d1-41b5-88f5-49596b632822} 1964 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1964.4.794808125\1153105218" -childID 4 -isForBrowser -prefsHandle 1348 -prefMapHandle 3512 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {b6f81eb4-437f-4a00-a181-81b2022c5068} 1964 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1964.5.142869669\267555951" -childID 5 -isForBrowser -prefsHandle 3772 -prefMapHandle 3652 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {0b05dce1-93af-4809-a370-0df3be8fbffa} 1964 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1964.6.609513982\1758836551" -childID 6 -isForBrowser -prefsHandle 4004 -prefMapHandle 4012 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {b989bdeb-65a8-4076-8732-016aef3c49f6} 1964 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1964.7.329183576\711820303" -childID 7 -isForBrowser -prefsHandle 3408 -prefMapHandle 4428 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {aa58abac-3757-480e-91c5-41ae83f6302b} 1964 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1964.8.1237276242\1015519738" -parentBuildID 20240416150000 -prefsHandle 4472 -prefMapHandle 2920 -prefsLen 27407 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {37e20ca7-3e02-4054-8a69-59b47150f4f0} 1964 rdd

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1964.9.1671784692\2069050356" -parentBuildID 20240416150000 -sandboxingKind 1 -prefsHandle 4212 -prefMapHandle 4464 -prefsLen 27407 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {9e5228a0-f219-4d86-9d50-1f7cdb2bf6f3} 1964 utility

C:\Users\Admin\AppData\Local\Temp\_MEI19482\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI19482\geckodriver.exe --port 50041 --websocket-port 50042

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50042 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilejqU7Ku

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50042 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilejqU7Ku

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4588.0.1655479990\1703753683" -parentBuildID 20240416150000 -prefsHandle 1496 -prefMapHandle 1488 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {cd78eeec-f6b5-4a07-aad9-b2a2239da4aa} 4588 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4588.1.1881486116\1767334449" -childID 1 -isForBrowser -prefsHandle 2220 -prefMapHandle 2260 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1188 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {d5068a73-f52b-4a83-8d2a-9914ba6db577} 4588 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4588.2.2083942314\793522760" -childID 2 -isForBrowser -prefsHandle 2944 -prefMapHandle 2940 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1188 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {578f4702-e00f-4c90-9449-befaf05f825a} 4588 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4588.3.934114084\977846178" -childID 3 -isForBrowser -prefsHandle 3008 -prefMapHandle 2996 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1188 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {8fe8dd55-fdb6-41a8-b302-8f9453dd2851} 4588 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4588.4.1044542504\659941801" -childID 4 -isForBrowser -prefsHandle 3576 -prefMapHandle 3572 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1188 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {08e7202b-728e-46c3-9228-10bb12849c8f} 4588 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4588.5.1808275829\1490654505" -childID 5 -isForBrowser -prefsHandle 3800 -prefMapHandle 3796 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1188 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {d180bd8b-be55-47d9-932b-c4a251d596ad} 4588 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4588.6.152484817\998036557" -childID 6 -isForBrowser -prefsHandle 3984 -prefMapHandle 3980 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1188 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {c8130025-a337-4d38-92d9-81e081c7aba9} 4588 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4588.7.623519625\1381616207" -childID 7 -isForBrowser -prefsHandle 4320 -prefMapHandle 3576 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1188 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {fff97ebe-b101-4f0f-a5b7-098a8c9977b8} 4588 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI19482\geckodriver.exe --port 50041 --websocket-port 50042

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50042 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKW5YxK

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50042 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKW5YxK

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="3624.0.78493402\1498010960" -parentBuildID 20240416150000 -prefsHandle 1496 -prefMapHandle 1480 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {53edf2c9-4fdb-4669-9772-0aecf4910f09} 3624 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="3624.1.923818428\1654232114" -childID 1 -isForBrowser -prefsHandle 2512 -prefMapHandle 2316 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {e0dec269-b644-48e6-a217-b42b8a723ab3} 3624 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="3624.2.325447187\1995447399" -childID 2 -isForBrowser -prefsHandle 2940 -prefMapHandle 2936 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {591eeec2-1cad-41cc-9b19-a554c460b0ef} 3624 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="3624.3.1728115076\738369116" -childID 3 -isForBrowser -prefsHandle 3332 -prefMapHandle 1148 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {36cbb026-4b8f-4a01-97cf-f9b886192680} 3624 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="3624.4.953970729\315342953" -childID 4 -isForBrowser -prefsHandle 3628 -prefMapHandle 3624 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {b3959d9f-4482-452f-9bed-30afc2ac091d} 3624 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="3624.5.312902119\827154796" -childID 5 -isForBrowser -prefsHandle 3772 -prefMapHandle 3776 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {0168acdd-4dca-421d-95ff-c924c0dd57e7} 3624 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="3624.6.91453064\1078571693" -childID 6 -isForBrowser -prefsHandle 4028 -prefMapHandle 4024 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {4f8e4771-75d2-409c-8d40-40abf1241e2d} 3624 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="3624.7.544663831\802384357" -childID 7 -isForBrowser -prefsHandle 4312 -prefMapHandle 4316 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {0ac53e98-7731-41d3-a8d6-894e5e40d5cf} 3624 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="3624.8.1993404251\1287162062" -parentBuildID 20240416150000 -prefsHandle 4552 -prefMapHandle 3244 -prefsLen 27558 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {0fd5ec64-98f0-4a2d-bdf1-6fdca67d4909} 3624 rdd

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="3624.9.373319037\1543333284" -parentBuildID 20240416150000 -sandboxingKind 1 -prefsHandle 4316 -prefMapHandle 4388 -prefsLen 27558 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {86b27fc6-c5b0-48f7-8502-e77a10c1d424} 3624 utility

C:\Users\Admin\AppData\Local\Temp\_MEI19482\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI19482\geckodriver.exe --port 50041 --websocket-port 50042

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50042 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFLu21s

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50042 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFLu21s

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2876.0.1034432805\647427344" -parentBuildID 20240416150000 -prefsHandle 1492 -prefMapHandle 1480 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {da9720c3-3edc-4cdf-9d6c-160c868adcdd} 2876 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2876.1.1080640575\1784839629" -childID 1 -isForBrowser -prefsHandle 2124 -prefMapHandle 2508 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {cec93f2d-2886-4022-9e5c-801f78c432af} 2876 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2876.2.66362507\215893142" -childID 2 -isForBrowser -prefsHandle 2964 -prefMapHandle 2960 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {5293fce8-5d55-4680-b9b6-929d0247edb1} 2876 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2876.3.1756032067\1469473488" -childID 3 -isForBrowser -prefsHandle 3292 -prefMapHandle 3308 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {6e220369-7bb2-43dc-a36a-8103c58fee8a} 2876 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2876.4.1923399503\3013560" -childID 4 -isForBrowser -prefsHandle 3392 -prefMapHandle 3352 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {8d7cb4db-cf62-4263-b42f-794ad9628ef6} 2876 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2876.5.1760384569\561744746" -childID 5 -isForBrowser -prefsHandle 3780 -prefMapHandle 2356 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {a866d034-dd90-4ab3-9cfc-4b68f7f0fba9} 2876 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2876.6.204127677\719420128" -childID 6 -isForBrowser -prefsHandle 3956 -prefMapHandle 3960 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {5e10f989-2ac6-4848-b41b-d17759b8bf32} 2876 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2876.7.693575485\1431937366" -childID 7 -isForBrowser -prefsHandle 2988 -prefMapHandle 4284 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {4dcb4ce1-720b-42e2-ac5e-dc3f7ba0bd8e} 2876 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI19482\geckodriver.exe --port 50041 --websocket-port 50042

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50042 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKjndHA

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50042 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKjndHA

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4588.0.1095587427\942765140" -parentBuildID 20240416150000 -prefsHandle 1480 -prefMapHandle 1456 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {52f7c278-74d3-43c5-bb67-0831a2a7ab08} 4588 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4588.1.217257273\633173276" -childID 1 -isForBrowser -prefsHandle 2612 -prefMapHandle 2608 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {716883f6-c077-4c3b-a31c-385bab1c8ecc} 4588 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4588.2.742962337\528614714" -childID 2 -isForBrowser -prefsHandle 2916 -prefMapHandle 2912 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {f81ab3cc-d75a-4d8f-9c8c-7733a29dd9c4} 4588 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4588.3.1154618788\1260978515" -childID 3 -isForBrowser -prefsHandle 3004 -prefMapHandle 2992 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {578b50c1-b84e-4639-a286-f29510732642} 4588 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4588.4.2064105475\451855283" -childID 4 -isForBrowser -prefsHandle 3696 -prefMapHandle 3128 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {c21b94aa-19e2-424a-8765-18d937239cee} 4588 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4588.5.28064550\206496743" -childID 5 -isForBrowser -prefsHandle 3764 -prefMapHandle 3364 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {30bc430b-8461-4b41-8f4f-6d3e4ea39ff5} 4588 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4588.6.923761052\1551727825" -childID 6 -isForBrowser -prefsHandle 3816 -prefMapHandle 3820 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {83908e60-585d-41bc-a481-9f9a7a66f100} 4588 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI19482\geckodriver.exe --port 50041 --websocket-port 50042

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50042 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuouWcN

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50042 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuouWcN

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="220.0.1604390314\2102843013" -parentBuildID 20240416150000 -prefsHandle 1468 -prefMapHandle 1456 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {22b663a9-2514-4103-822b-ba9235716ceb} 220 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="220.1.1141226754\135969065" -childID 1 -isForBrowser -prefsHandle 2492 -prefMapHandle 2488 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {bf493774-3cfe-4afe-8d2a-b0c2272d7bda} 220 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="220.2.1699520479\954839981" -childID 2 -isForBrowser -prefsHandle 2944 -prefMapHandle 2940 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {e767f69c-1122-44ae-910c-b14f1221638e} 220 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="220.3.2048463247\1373429585" -childID 3 -isForBrowser -prefsHandle 2852 -prefMapHandle 3108 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {84c21643-112e-4097-8936-0d52500a9a95} 220 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="220.4.2124426010\811691136" -childID 4 -isForBrowser -prefsHandle 1356 -prefMapHandle 1352 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {930d6f2e-08b0-435c-b75e-285b887b731a} 220 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="220.5.353137794\445624673" -childID 5 -isForBrowser -prefsHandle 3728 -prefMapHandle 3732 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {280f5c5b-3957-41a4-a58b-e0abdfe44ce1} 220 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="220.6.166332757\112554499" -childID 6 -isForBrowser -prefsHandle 3992 -prefMapHandle 3988 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {f97e7836-2905-45da-a88a-f40116a3ccc0} 220 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="220.7.420707164\1347255473" -childID 7 -isForBrowser -prefsHandle 4332 -prefMapHandle 4336 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {778258ac-ca97-42d5-adb7-279b9caff9a8} 220 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI19482\geckodriver.exe --port 50041 --websocket-port 50042

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50042 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilefoRPck

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50042 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilefoRPck

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1464.0.1539229333\1321924695" -parentBuildID 20240416150000 -prefsHandle 1500 -prefMapHandle 1488 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {99c4c011-f4b6-4854-a1cb-fe043ac906fa} 1464 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1464.1.1787273467\1764060153" -childID 1 -isForBrowser -prefsHandle 2664 -prefMapHandle 2660 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1044 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {01b54396-6ec0-4e9e-905e-90b40322580f} 1464 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1464.2.1416240213\74048231" -childID 2 -isForBrowser -prefsHandle 2916 -prefMapHandle 2912 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1044 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {5f3e8a09-147c-441c-b0f9-8e5bc3f2741a} 1464 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1464.3.661129227\1967195963" -childID 3 -isForBrowser -prefsHandle 1388 -prefMapHandle 3224 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1044 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {3fc2590b-792d-4a3f-8572-fc90bf0a7694} 1464 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1464.4.1972531855\1629389512" -childID 4 -isForBrowser -prefsHandle 2960 -prefMapHandle 2976 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1044 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {d81021b2-28e5-4361-ba58-407562841821} 1464 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1464.5.187774375\741023345" -childID 5 -isForBrowser -prefsHandle 3808 -prefMapHandle 3804 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1044 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {5206c5ee-aa38-40e5-9f62-c2a8a37389ca} 1464 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1464.6.1755837445\1958458550" -childID 6 -isForBrowser -prefsHandle 3956 -prefMapHandle 3960 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1044 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {5618aa1d-374f-4fdf-b0ef-fb89bb2bef86} 1464 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1464.7.1897666023\1464363213" -childID 7 -isForBrowser -prefsHandle 4220 -prefMapHandle 3984 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1044 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\browser" - {8877f00a-25c6-457f-afb1-06cede7d7584} 1464 tab

Network

Files

C:\Users\Admin\AppData\Local\Temp\_MEI19482\base_library.zip

\Users\Admin\AppData\Local\Temp\_MEI19482\VCRUNTIME140.dll

\Users\Admin\AppData\Local\Temp\_MEI19482\python38.dll

C:\Users\Admin\AppData\Local\Temp\_MEI19482\_lzma.pyd

\Users\Admin\AppData\Local\Temp\_MEI19482\libcrypto-1_1.dll

\Users\Admin\AppData\Local\Temp\_MEI19482\_hashlib.pyd

\Users\Admin\AppData\Local\Temp\_MEI19482\_ssl.pyd

\Users\Admin\AppData\Local\Temp\_MEI19482\libssl-1_1.dll

\Users\Admin\AppData\Local\Temp\_MEI19482\select.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

C:\Users\Admin\AppData\Local\Temp\tmpg2jjhjki\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Tor\tor.exe

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

\Users\Admin\AppData\Local\Temp\_MEI19482\_queue.pyd

\Users\Admin\AppData\Local\Temp\_MEI19482\_socket.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI19482\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI19482\top-1m.csv

C:\Users\Admin\AppData\Local\Temp\_MEI19482\pyexpat.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI19482\mozglue.dll

C:\Users\Admin\AppData\Local\Temp\_MEI19482\nss3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI19482\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI19482\mozavutil.dll

C:\Users\Admin\AppData\Local\Temp\_MEI19482\lgpllibs.dll

\Users\Admin\AppData\Local\Temp\_MEI19482\_bz2.pyd

\Users\Admin\AppData\Local\Temp\_MEI19482\libffi-7.dll

\Users\Admin\AppData\Local\Temp\_MEI19482\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI19482\Tor Browser\Browser\firefox.exe

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHYOKyB\extensions.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHYOKyB\prefs.js

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

memory/3516-585-0x00000176D79E0000-0x00000176D7B50000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHYOKyB\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilesslU2Z\sessionCheckpoints.json

memory/4936-818-0x0000024314760000-0x0000024314770000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilesslU2Z\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilesslU2Z\startupCache\webext.sc.lz4

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilesslU2Z\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilesslU2Z\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilesslU2Z\xulstore.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilesslU2Z\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilesslU2Z\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileK3u1gs\user.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileK3u1gs\startupCache\scriptCache-child-new.bin

memory/1964-1141-0x000001F408AF0000-0x000001F408B00000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileK3u1gs\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileK3u1gs\broadcast-listeners.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileK3u1gs\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileK3u1gs\sessionCheckpoints.json.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileK3u1gs\datareporting\glean\db\data.safe.tmp

memory/4588-1374-0x0000027570ED0000-0x0000027570EE0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilejqU7Ku\prefs.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilejqU7Ku\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKW5YxK\compatibility.ini

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKW5YxK\WebDriverBiDiServer.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKW5YxK\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKW5YxK\prefs.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKW5YxK\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKW5YxK\storage-sync-v2.sqlite

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKW5YxK\content-prefs.sqlite

memory/2876-1942-0x0000017C92300000-0x0000017C92310000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFLu21s\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFLu21s\prefs.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFLu21s\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFLu21s\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKjndHA\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuouWcN\datareporting\glean\db\data.safe.tmp

memory/220-2450-0x000001DD2D260000-0x000001DD2D270000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuouWcN\prefs.js
