Malware Analysis Report

2025-06-15 20:36

Sample ID 240509-ccg41seg34
Target heavy.exe
SHA256 88093c75834d60df3b4b6f4df642bb28dc749f4bd562f587fa8f9e30e97d3c5c
Tags
evasion trojan pyinstaller
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

88093c75834d60df3b4b6f4df642bb28dc749f4bd562f587fa8f9e30e97d3c5c

Threat Level: Shows suspicious behavior

The file heavy.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

evasion trojan pyinstaller

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Checks whether UAC is enabled

Detects Pyinstaller

Enumerates physical storage devices

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Checks processor information in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-09 01:57

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-09 01:55

Reported

2024-05-09 02:07

Platform

win10v2004-20240426-en

Max time kernel

301s

Max time network

311s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1560 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 1560 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 2840 wrote to memory of 5592 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 2840 wrote to memory of 5592 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 2840 wrote to memory of 5252 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 2840 wrote to memory of 5252 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 5592 wrote to memory of 4088 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 5592 wrote to memory of 4088 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 2840 wrote to memory of 736 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\geckodriver.exe
PID 2840 wrote to memory of 736 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\geckodriver.exe
PID 736 wrote to memory of 4860 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe
PID 736 wrote to memory of 4860 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe
PID 4860 wrote to memory of 5436 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe
PID 4860 wrote to memory of 5436 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe
PID 4860 wrote to memory of 5436 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe
PID 4860 wrote to memory of 5436 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe
PID 4860 wrote to memory of 5436 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe
PID 4860 wrote to memory of 5436 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe
PID 4860 wrote to memory of 5436 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe
PID 4860 wrote to memory of 5436 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe
PID 4860 wrote to memory of 5436 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe
PID 4860 wrote to memory of 5436 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe
PID 4860 wrote to memory of 5436 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe
PID 5436 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe
PID 5436 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe
PID 5436 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe
PID 5436 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe
PID 5436 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe
PID 5436 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe
PID 5436 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe
PID 5436 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe
PID 5436 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe
PID 5436 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe
PID 5436 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe
PID 5436 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe
PID 5436 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe
PID 5436 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe
PID 5436 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe
PID 5436 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe
PID 5436 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe
PID 5436 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe
PID 5436 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe
PID 5436 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe
PID 5436 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe
PID 5436 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe
PID 5436 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe
PID 5436 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe
PID 5436 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe
PID 5436 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe
PID 5436 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe
PID 5436 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe
PID 5436 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe
PID 5436 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe
PID 5436 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe
PID 5436 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe
PID 5436 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe
PID 5436 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe
PID 5436 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe
PID 5436 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe
PID 5436 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe
PID 5436 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe
PID 5436 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe
PID 5436 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe
PID 5436 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI15602\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI15602\geckodriver.exe --port 62112 --websocket-port 62113

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 62113 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezLNtKS

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 62113 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezLNtKS

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" -contentproc --channel="5436.0.1531914093\1399528165" -parentBuildID 20240416150000 -prefsHandle 1696 -prefMapHandle 1688 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\browser" - {b7b438f4-9e58-4586-bb6a-44ace7bc615d} 5436 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" -contentproc --channel="5436.1.1605561956\416651591" -childID 1 -isForBrowser -prefsHandle 2844 -prefMapHandle 2828 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1240 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\browser" - {12a8791f-7b64-4a21-bffd-29111d662d53} 5436 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" -contentproc --channel="5436.2.498944883\1784521304" -childID 2 -isForBrowser -prefsHandle 3196 -prefMapHandle 3192 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1240 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\browser" - {abd56488-df4e-45d8-a602-ce222f95d0cf} 5436 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" -contentproc --channel="5436.3.1705471580\1994888208" -childID 3 -isForBrowser -prefsHandle 3504 -prefMapHandle 2876 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1240 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\browser" - {79746446-b619-42ff-af97-9ff31e50114a} 5436 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" -contentproc --channel="5436.4.871548215\1147317556" -childID 4 -isForBrowser -prefsHandle 3836 -prefMapHandle 3832 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1240 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\browser" - {39c215f5-4e2e-4fa8-a287-e2bdea94ca85} 5436 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" -contentproc --channel="5436.5.2081177555\821882824" -childID 5 -isForBrowser -prefsHandle 4064 -prefMapHandle 4060 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1240 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\browser" - {d0d9b8a6-45fb-49d5-a98c-a7098a5de927} 5436 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" -contentproc --channel="5436.6.1339457627\1434356794" -childID 6 -isForBrowser -prefsHandle 4176 -prefMapHandle 4180 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1240 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\browser" - {781f3819-f9f2-478b-8bf0-ad21ef74e3b7} 5436 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" -contentproc --channel="5436.7.572150220\1389598220" -childID 7 -isForBrowser -prefsHandle 4580 -prefMapHandle 4584 -prefsLen 25367 -prefMapSize 245849 -jsInitHandle 1240 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\browser" - {048c5010-3548-44f6-87f0-eb3ad08c5216} 5436 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15602\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI15602\geckodriver.exe --port 62112 --websocket-port 62113

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 62113 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileT9Fw8a

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 62113 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileT9Fw8a

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4876.0.117156798\267226246" -parentBuildID 20240416150000 -prefsHandle 1664 -prefMapHandle 1656 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\browser" - {94d0ea9e-7ce4-4496-9259-e8bb04707d75} 4876 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4876.1.2036607531\1368031193" -childID 1 -isForBrowser -prefsHandle 2688 -prefMapHandle 2728 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\browser" - {5a900572-b8c0-4d48-aaf5-2939ed34a270} 4876 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4876.2.727422669\1787552224" -childID 2 -isForBrowser -prefsHandle 3204 -prefMapHandle 3200 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\browser" - {2626a7b2-585e-4fad-a02d-3208f1470457} 4876 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4876.3.541452753\149523946" -childID 3 -isForBrowser -prefsHandle 3328 -prefMapHandle 3316 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\browser" - {af59ee61-b169-4b4a-83e6-69bac8e32b02} 4876 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4876.4.1849000223\1643109731" -childID 4 -isForBrowser -prefsHandle 1512 -prefMapHandle 1544 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\browser" - {d9d4e971-e367-4b0f-8922-3c3659f794ff} 4876 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4876.5.1909698310\620647129" -childID 5 -isForBrowser -prefsHandle 3380 -prefMapHandle 3388 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\browser" - {9da751ba-b259-4bdc-953d-6318994e9806} 4876 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4876.6.1777911234\508095707" -childID 6 -isForBrowser -prefsHandle 4148 -prefMapHandle 4152 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\browser" - {1033df8f-4d52-46ba-aad7-105195614b76} 4876 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15602\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI15602\geckodriver.exe --port 62112 --websocket-port 62113

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 62113 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexJ8QCg

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 62113 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexJ8QCg

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" -contentproc --channel="5172.0.2107093892\1971141067" -parentBuildID 20240416150000 -prefsHandle 1668 -prefMapHandle 1660 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\browser" - {6d9b9ad8-0527-453f-af4b-86bdbb14b7a7} 5172 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" -contentproc --channel="5172.1.1040236816\188145972" -childID 1 -isForBrowser -prefsHandle 2688 -prefMapHandle 2684 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\browser" - {014782d1-c05c-4f71-a8ec-7f9a5445ec5d} 5172 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" -contentproc --channel="5172.2.2127791305\15033193" -childID 2 -isForBrowser -prefsHandle 3192 -prefMapHandle 3188 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\browser" - {97209425-e9bb-4e94-b98d-8b7edc4596fe} 5172 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" -contentproc --channel="5172.3.34587952\1224252779" -childID 3 -isForBrowser -prefsHandle 3252 -prefMapHandle 3304 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\browser" - {b283dcfd-0e40-4d9d-ac36-b54e9838fb26} 5172 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" -contentproc --channel="5172.4.245538834\1287854371" -childID 4 -isForBrowser -prefsHandle 3796 -prefMapHandle 3792 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\browser" - {d159fe13-f801-4a31-9e0d-e61efa0cb51b} 5172 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" -contentproc --channel="5172.5.1743019251\914205740" -childID 5 -isForBrowser -prefsHandle 3960 -prefMapHandle 3816 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\browser" - {89a5866c-c35c-4950-8ede-b8fef1cee7e9} 5172 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" -contentproc --channel="5172.6.2021816922\1329012357" -childID 6 -isForBrowser -prefsHandle 4140 -prefMapHandle 4144 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\browser" - {759117fb-e521-4be2-b3f0-45814aa6b802} 5172 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" -contentproc --channel="5172.7.1833198977\1158522837" -childID 7 -isForBrowser -prefsHandle 4556 -prefMapHandle 4560 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\browser" - {f2a1190e-19b4-493d-b015-861d0174a43c} 5172 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" -contentproc --channel="5172.8.300143855\427792199" -parentBuildID 20240416150000 -prefsHandle 4588 -prefMapHandle 4592 -prefsLen 27362 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\browser" - {be7827af-26fe-4470-9217-a83fe9e0d595} 5172 rdd

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" -contentproc --channel="5172.9.1238169359\1912517852" -parentBuildID 20240416150000 -sandboxingKind 1 -prefsHandle 4808 -prefMapHandle 4812 -prefsLen 27362 -prefMapSize 245849 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\browser" - {9b4e479a-28ae-4f14-b2e8-538c76c97527} 5172 utility

C:\Users\Admin\AppData\Local\Temp\_MEI15602\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI15602\geckodriver.exe --port 62112 --websocket-port 62113

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 62113 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekrxpGh

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 62113 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekrxpGh

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" -contentproc --channel="3872.0.193867567\653767311" -parentBuildID 20240416150000 -prefsHandle 1668 -prefMapHandle 1660 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\browser" - {14899999-1f18-43ce-b2cb-7ea0280d77d9} 3872 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" -contentproc --channel="3872.1.76920198\1078348721" -childID 1 -isForBrowser -prefsHandle 2636 -prefMapHandle 2632 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\browser" - {08e222f5-1732-45a8-b6e1-38eb265d43b9} 3872 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" -contentproc --channel="3872.2.1970866091\1995220674" -childID 2 -isForBrowser -prefsHandle 3164 -prefMapHandle 3160 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\browser" - {abee7485-0a71-49bd-b97e-20715250768f} 3872 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" -contentproc --channel="3872.3.146738864\1240359926" -childID 3 -isForBrowser -prefsHandle 3304 -prefMapHandle 3240 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\browser" - {7802a314-1440-4a27-9906-09263de39592} 3872 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" -contentproc --channel="3872.4.1318593831\1178920198" -childID 4 -isForBrowser -prefsHandle 3776 -prefMapHandle 3720 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\browser" - {adb13a29-0ac7-40e7-9a12-fcddad5bcc61} 3872 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" -contentproc --channel="3872.5.418257878\461630046" -childID 5 -isForBrowser -prefsHandle 3936 -prefMapHandle 4000 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\browser" - {85bb9f53-eb90-414c-9a0b-725d21bb4e4a} 3872 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" -contentproc --channel="3872.6.1944118501\1318084517" -childID 6 -isForBrowser -prefsHandle 4112 -prefMapHandle 4116 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\browser" - {8d942039-4bd5-404e-a1fb-28c183ba918b} 3872 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" -contentproc --channel="3872.7.544461306\1592063353" -childID 7 -isForBrowser -prefsHandle 4660 -prefMapHandle 4484 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\browser" - {442e9f3a-9000-48ee-8730-af8a3b7be841} 3872 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" -contentproc --channel="3872.8.1656797079\1806142367" -childID 8 -isForBrowser -prefsHandle 8752 -prefMapHandle 8780 -prefsLen 25491 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\browser" - {379b324d-df66-45ae-bb5c-94d620a4782b} 3872 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" -contentproc --channel="3872.9.757469885\1065049338" -parentBuildID 20240416150000 -prefsHandle 2620 -prefMapHandle 2616 -prefsLen 27719 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\browser" - {972cf617-d151-4b01-8fb7-4b0d81867893} 3872 rdd

C:\Users\Admin\AppData\Local\Temp\_MEI15602\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI15602\geckodriver.exe --port 62112 --websocket-port 62113

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 62113 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletteLIT

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 62113 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletteLIT

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4292.0.1976325739\284649713" -parentBuildID 20240416150000 -prefsHandle 1684 -prefMapHandle 1676 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\browser" - {120ae6ae-c02f-4338-89bc-ea7cf4aeb3b3} 4292 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4292.1.917030579\315222748" -childID 1 -isForBrowser -prefsHandle 2452 -prefMapHandle 972 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\browser" - {1b4a9336-5b27-4045-a010-40078159b02c} 4292 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4292.2.1817869503\939497879" -childID 2 -isForBrowser -prefsHandle 3160 -prefMapHandle 3156 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\browser" - {8beeff42-2506-4b90-9d9e-5741f6fa9775} 4292 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4292.3.131939221\1058870500" -childID 3 -isForBrowser -prefsHandle 3424 -prefMapHandle 3464 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\browser" - {c70ecd4c-b987-4cee-b737-dbea23efce00} 4292 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4292.4.878778350\1338144199" -childID 4 -isForBrowser -prefsHandle 3776 -prefMapHandle 3796 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\browser" - {fb18be8c-10bd-49e6-8ea1-6cf752278de8} 4292 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4292.5.614685924\232334703" -childID 5 -isForBrowser -prefsHandle 3356 -prefMapHandle 3772 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\browser" - {ce9725db-5156-4a22-97f1-ada9c763be18} 4292 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4292.6.1566801087\1440709227" -childID 6 -isForBrowser -prefsHandle 4084 -prefMapHandle 4088 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1256 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\browser" - {b9223b0d-29e8-419b-9f42-02d2a23af89b} 4292 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15602\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI15602\geckodriver.exe --port 62112 --websocket-port 62113

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 62113 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNo5Wog

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 62113 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNo5Wog

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4496.0.771160642\1562592009" -parentBuildID 20240416150000 -prefsHandle 1680 -prefMapHandle 1672 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\browser" - {a391d9f5-7d75-42fd-8578-9ba2d23fceaf} 4496 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4496.1.191757218\618137458" -childID 1 -isForBrowser -prefsHandle 2744 -prefMapHandle 2740 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\browser" - {f3d4b4ba-d1c6-429b-9307-b7475eeb6ef2} 4496 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4496.2.249762543\1670248707" -childID 2 -isForBrowser -prefsHandle 3164 -prefMapHandle 3160 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\browser" - {e7755952-ed31-439a-a3b4-b85ba22a442c} 4496 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4496.3.1590219331\1672854387" -childID 3 -isForBrowser -prefsHandle 3256 -prefMapHandle 3272 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\browser" - {dc2384fe-7be7-4333-9e87-e08f41675eb8} 4496 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4496.4.248539738\1486585361" -childID 4 -isForBrowser -prefsHandle 3368 -prefMapHandle 3460 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\browser" - {1ef8b43d-134b-42db-aab1-f762f541dd37} 4496 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4496.5.1904258662\2139360854" -childID 5 -isForBrowser -prefsHandle 3940 -prefMapHandle 3996 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\browser" - {202798cc-22ea-440f-a570-335ac34f8337} 4496 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4496.6.1924021441\536446438" -childID 6 -isForBrowser -prefsHandle 4056 -prefMapHandle 4060 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\browser" - {08103cc2-3def-4365-a30c-bb7aa151e82f} 4496 tab

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe" -contentproc --channel="4496.7.920765170\1160767440" -childID 7 -isForBrowser -prefsHandle 4540 -prefMapHandle 4544 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\browser" - {d04b83c6-255e-4ba3-b846-853e02d451f7} 4496 tab

Network

Country Destination Domain Proto
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
DE 173.249.8.113:443 tcp
US 8.8.8.8:53 113.8.249.173.in-addr.arpa udp
LU 107.189.1.9:9100 tcp
US 8.8.8.8:53 9.1.189.107.in-addr.arpa udp
DE 77.237.233.50:9001 tcp
DE 84.247.164.64:9001 tcp
US 8.8.8.8:53 64.164.247.84.in-addr.arpa udp
US 8.8.8.8:53 50.233.237.77.in-addr.arpa udp
N/A 127.0.0.1:62215 tcp
N/A 127.0.0.1:62217 tcp
N/A 127.0.0.1:62112 tcp
N/A 127.0.0.1:62112 tcp
N/A 127.0.0.1:62321 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:62329 tcp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
US 8.8.8.8:53 139.53.16.96.in-addr.arpa udp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:62112 tcp
N/A 127.0.0.1:62112 tcp
N/A 127.0.0.1:62112 tcp
N/A 127.0.0.1:62724 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:62732 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
N/A 127.0.0.1:9151 tcp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
BE 2.17.196.177:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
BE 2.17.196.177:443 www.bing.com tcp
US 8.8.8.8:53 177.196.17.2.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
N/A 127.0.0.1:62112 tcp
N/A 127.0.0.1:62112 tcp
N/A 127.0.0.1:62112 tcp
N/A 127.0.0.1:63124 tcp
N/A 127.0.0.1:63132 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:62112 tcp
N/A 127.0.0.1:62112 tcp
N/A 127.0.0.1:62112 tcp
N/A 127.0.0.1:63506 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:63514 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:62112 tcp
N/A 127.0.0.1:62112 tcp
N/A 127.0.0.1:62112 tcp
N/A 127.0.0.1:63964 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:63972 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:62112 tcp
N/A 127.0.0.1:62112 tcp
N/A 127.0.0.1:62112 tcp
N/A 127.0.0.1:64258 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:64266 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI15602\python38.dll

MD5 26ba25d468a778d37f1a24f4514d9814
SHA1 b64fe169690557656ede3ae50d3c5a197fea6013
SHA256 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128
SHA512 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

C:\Users\Admin\AppData\Local\Temp\_MEI15602\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

C:\Users\Admin\AppData\Local\Temp\_MEI15602\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\_MEI15602\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

C:\Users\Admin\AppData\Local\Temp\_MEI15602\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Local\Temp\_MEI15602\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

C:\Users\Admin\AppData\Local\Temp\_MEI15602\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

C:\Users\Admin\AppData\Local\Temp\_MEI15602\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

C:\Users\Admin\AppData\Local\Temp\_MEI15602\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

C:\Users\Admin\AppData\Local\Temp\_MEI15602\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI15602\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

C:\Users\Admin\AppData\Local\Temp\_MEI15602\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

C:\Users\Admin\AppData\Local\Temp\_MEI15602\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

C:\Users\Admin\AppData\Local\Temp\_MEI15602\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

C:\Users\Admin\AppData\Local\Temp\_MEI15602\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI15602\top-1m.csv

MD5 ba0857be5e9736dde1f5cc44edd5d21b
SHA1 b130759907909cc97bfe0d9a1fd65b8942c931aa
SHA256 7800cdef850c31931b2b520a42f858c4feb5ca86d6b3789e6173a02e909595ca
SHA512 08446902bc588e323b8fc551502ff869be6c2bb64f788d1bebfcc30a04c3e589b0616e84fc55de3d81d7b19b26e690024a442e6a27096808bc613bcecf3f6db4

C:\Users\Admin\AppData\Local\Temp\_MEI15602\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

C:\Users\Admin\AppData\Local\Temp\_MEI15602\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI15602\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI15602\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI15602\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI15602\geckodriver.exe

MD5 f60c542253cbe94f762e15c7b064b55d
SHA1 7a32f034217266db6d799893edc976e891a82944
SHA256 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa
SHA512 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\tmp8p2f_6ee\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 47539d0337e97e22a728afc2638d461f
SHA1 d97b37079543b33b9b605c787945f809aed66fd6
SHA256 262e52c5bbaa9bcd2dfcb4cf7da83a1efa95ebd0299f82031ad31a6ab19405a5
SHA512 3810ebe80173d41785a42459fc5c4a8a31e56294f2c03fe99416925a34d242b88023565057201c9b6dcbdb97c8396d8305a723c0e31bb5b560b031b299672d4a

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI15602\Tor Browser\Browser\firefox.exe

MD5 65aa9b0f57d72e4d70e9226322221adc
SHA1 85fec174d0977afd8c0100c9d9b53c958e1949bf
SHA256 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410
SHA512 f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 80e882ce8268212cf4db9fbe44f95336
SHA1 85abc152168a20d8db2c6501aa43a97ea72efc8c
SHA256 32c7fa19bdf922f35368bbda1fd91b30fae89f7e8615c8224901e4e3454ee937
SHA512 eb6fc2086c0c5b1e2207c675e49713961246559ade42f65f5e1d51e6139e503eacceaa57542664f7161dc320df0403d90bc85e499aa2d0f09c4a3d4236920cd5

memory/2748-493-0x00007FF8E19B0000-0x00007FF8E19B1000-memory.dmp

memory/2748-492-0x00007FF8E2CF0000-0x00007FF8E2CF1000-memory.dmp

memory/5688-527-0x0000024803590000-0x00000248035C0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezLNtKS\prefs.js

MD5 79845095abbf1513f08594864d2fe0aa
SHA1 05803316fff3079de5dd5f330e9bc3abf0bd7b30
SHA256 0563c4a890668a2d03716b78574dec4e5da72370a9e6572f17cfcc3bc30f59df
SHA512 5ac553a2c79f64630918cdbe00f4a5d8fc1b26af2ef9e5a229a5b261c5a5e1d0ba4942574b55c0537f39fecf2c949d67804f0bf97828d0217a44ba6f2c4d8db1

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezLNtKS\extensions.json

MD5 39137f922a7d41f9c4f338393a863ac5
SHA1 9e3b8dc3e7cf4e32712eb9270af967360117998a
SHA256 5856cbc3156bcedd4489e5173930f38b92639c83e66b728cabf5cbd840b9afc1
SHA512 af3ff3d7632c2e567c01e1e46d0baa94f113e3923a865c1dc13193f6028e3c978aaf4be0f7e172171e54e859949c2ff866f1810613e9956ab05f9d1b1650497c

memory/5436-557-0x0000020CD87D0000-0x0000020CD87E0000-memory.dmp

memory/5464-613-0x0000021BC86B0000-0x0000021BC86E0000-memory.dmp

memory/4164-612-0x000001BD4D350000-0x000001BD4D380000-memory.dmp

memory/5092-611-0x000001D5C90A0000-0x000001D5C90D0000-memory.dmp

memory/4656-610-0x000001CC6FB30000-0x000001CC6FB60000-memory.dmp

memory/2748-609-0x000001265D360000-0x000001265D390000-memory.dmp

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 09402dec6f9b0ecadc67b2590c260f03
SHA1 fd2866ae1247764f855772f1c1a5b93b73b46ee8
SHA256 1adaae716dbd9a77e9b2bc5012991c51166be24922ce467efaaaccb161d288e4
SHA512 c97d732eb8bdc64552d40630925d8fbbb3b0d84aabf08dcc276ddcc9bf943e45db3d4fec2fb565b286d331e0f8fec03b5aba92259f4ec7cecc3022d2808f15d0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezLNtKS\prefs.js

MD5 e280f8d8e556509b24001205b0a809e2
SHA1 ebe3d3ccea713d6e7a1e66284fcf8216d3fb6ed7
SHA256 e937de101447ae5a44d131f9b8c3d285f36cce26189243a1546e6c7f61c153be
SHA512 84d3729d02faa4e049fea3e5e7b300e1c10661b9fa1bf4298bfff932b14e3a80832a6d7e6515ce5e5520e163c8b6c837ce44d8bd8af586d128252a12da2ea4f5

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezLNtKS\prefs-1.js

MD5 38394408517ef477af01ca5dd1ef405f
SHA1 b37eb69c84b83a596b9fe4fd10ff32b338db2e69
SHA256 2ac33d5d852fc5c3e8654d8384acb4ba784d5aa378464378d7602f053f9b8a61
SHA512 6e7df76eef4d249f12daabff248b0035d6bed97b9fea727a6fdd67621ffe59a1f35f34d2973cf8b1b7088ee58405b7f5e92b29df54684345d113de58a6ee0730

memory/1724-690-0x000001DE56E90000-0x000001DE56EC0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileT9Fw8a\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileT9Fw8a\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

memory/5076-870-0x000001D2D7D80000-0x000001D2D7DB0000-memory.dmp

memory/4876-899-0x00000229299E0000-0x00000229299F0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileT9Fw8a\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileT9Fw8a\prefs-1.js

MD5 b5ebbe10686fc09814595c329db3988f
SHA1 1c505cfe552aae209b6f97bf4037139e9bb3c3e0
SHA256 be181719b13cf872bfee4b4c1e0daa1558d90996fe3567dbf6d9952cdf410206
SHA512 c660b5e1aa0f89a61a26e5e59d209d9a5a45adeaebde0525c989dbb75c0b3970e4be10eec74723e8cd7e8c2f9c481f78ca26606678cc8df33b4d8eab14ac3572

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileT9Fw8a\startupCache\webext.sc.lz4

MD5 821928874fc8d0f7d980e639ab0f2d22
SHA1 cd480a468a2456d9454128ca1b2766d3557a2a10
SHA256 e092ecac62a15cb9e456f4114f88923ca568b68231d39df2291593e27bda1261
SHA512 f2d4efa94b6245371a9ca6b587174c5d5848eb56e1f0939065426a930ade91d37c09db3130f1fcaedf817fb844e6f3ce8b12824c59907871cb2ea591f65aa4d5

memory/1896-967-0x0000028DA5720000-0x0000028DA5750000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileT9Fw8a\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileT9Fw8a\prefs-1.js

MD5 5cc4bb4a4f860afea974253a888a7d36
SHA1 25223eca4424fb138716afc3720941fd91f64ee0
SHA256 fdfe4be6a73b8abe4a68669ee656001b16947400232f9c3b5b7cc6819ea5ddc2
SHA512 d25f55c3defd38b5bc40a9e1ade290e63b658ce4f6ec9c6431cd53d836fb96daa2782c94d525af179fdd0759b90f54969e40dbd0da46a0b3b32fadbc2c329c29

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileT9Fw8a\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileT9Fw8a\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileT9Fw8a\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileT9Fw8a\sessionCheckpoints.json.tmp

MD5 29ce37dc02c78bbe2e5284d350fae004
SHA1 bab97d5908ea6592aef6b46cee1ded6f34693fa2
SHA256 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693
SHA512 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileT9Fw8a\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexJ8QCg\user.js

MD5 51ea978c5a33217db0ac6ccaf033cdff
SHA1 bbbdfb0739caabe5bdc402d2d307c2456227d871
SHA256 1363156eed478148e0edbe4e008831f290df1bcc1981704d6fb6729659e5db44
SHA512 6da75f6e1f651b9e518e7570e6b0d41bca2d476fcea96888068a4727968a1d5f42db319477e37a88c301332bd99cf84d741c29b675291f53b5241a06bfcf5d3f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexJ8QCg\prefs.js

MD5 419e69d1b165dc0c0e5627710e8b5b42
SHA1 9f9f01511005c83dc87641dc8c4970f954ed7b4d
SHA256 21cdfca3bb508175d4b2edcbf2ba49f553c6a90c7fc5013bc93ea63ca91e4bd6
SHA512 755eb625c03d465491a3b1d0f7e2165d6f0a96c052e5d7266ed701e7d724130cf0918ad438709ae65009422d2f14160334952ba7ee20e8868cd11fa67b2c833f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexJ8QCg\prefs-1.js

MD5 1393d712b15875952941897fa696fb5f
SHA1 4c2532e9a757c3e1360ca540a658a10e22cb11d1
SHA256 ff03676511714b5e028a16ef40b96e38cdaa0895ecd6328b91c07c011f5b464c
SHA512 5fc21f1f61a1960c1ec72b216b939083fedb40e0b82b4d00ba11eb5603686038875acf8fc223694e4fd0992e87fce2ca080eb86b841c0555a8ef60a206efeff1

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexJ8QCg\datareporting\glean\db\data.safe.tmp

MD5 1c3c58f7838dde7f753614d170f110fc
SHA1 c17e5a486cecaddd6ced7217d298306850a87f48
SHA256 81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d
SHA512 9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexJ8QCg\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexJ8QCg\prefs-1.js

MD5 b8d601588dec26819c920595dd469af0
SHA1 d0c999062aa5d53c6bf3788eb762401a522d6069
SHA256 c204a4191ee8e2a2fcbc97a70a4bb222c3669c3706dfae8508eb4a5c3433ee79
SHA512 e0e84ab27f8b3da71f19c1398a7134496df76b3a684c72614552a493016e1bd60ce270f8786221aab4e75e3fd251a6f3caaa61753642f1f578120d86b6a2c5d2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilexJ8QCg\prefs-1.js

MD5 659f6a9a37c426801e4e0a7924cb21a9
SHA1 b3a3dd30ae765ef0050ebb80d6ed8f7bbdc73ff2
SHA256 c36a632a4f82e1ac5f1fa6007b11ae4b6ce6de787a7f2b4ed4842448ebbdd7ce
SHA512 a6d3d7760522344b3e7ad0a251e8e0895037d7eeda4fc180ab890ac4cc3e7ffed5a99650b518744f66beb89863828ab6559f97f5bc05f09d5703b906f0281e10

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekrxpGh\prefs-1.js

MD5 ad69eb1271a170990b8b20d9f57974df
SHA1 31651543fc57e3e4c24c03f8b369f279bb21f23a
SHA256 3a8dc80f918884ee3d5a796d77e4e5fbe4a9fac4953401cb256068b9e0e87397
SHA512 45676d7ac6c0dd0c03a171fc953c33769a4e9125b941dc7f91b2dab1ab1e1fc532cd917aa87df854f16f5af6bec9c53e91ad8358fa9d6ce6e84dd5463c75c69e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekrxpGh\prefs-1.js

MD5 2bd3bcf32a0276a187eef93a6342b1f1
SHA1 c2a7ec71f40477bc7bd82ccba58ce47a985c96b4
SHA256 4686b89e589b4df69198bf870de6406bf689c17d2781d1991f5e26138bc85ba7
SHA512 588cbb5d95e15775d6994e6e5af8f6f0b9ffd0c908a1eacec96884b9f9e5ba918a829abb13dd006823c99cd296ea7f616c9c03a67b29914a6aaece9b63d4a341

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekrxpGh\datareporting\glean\db\data.safe.tmp

MD5 7fba44cb533472c1e260d1f28892d86b
SHA1 727dce051fc511e000053952d568f77b538107bb
SHA256 14fb5cda1708000576f35c39c15f80a0c653afaf42ed137a3d31678f94b6e8bf
SHA512 1330b0f39614a3af2a6f5e1ea558b3f5451a7af20b6f7a704784b139a0ec17a20c8d7b903424cb8020a003319a3d75794e9fe8bc0aeb39e81721b9b2fdb9e031

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletteLIT\compatibility.ini

MD5 ef09c1eb47beaa58af27cd6c6fa0fe14
SHA1 c1d5acb51d0528c90adb6ff1e78ba8371c1ba19c
SHA256 89b0309f481c1d9386bd9b80a576434b4f1e5978ebf01bbdcb4b8fccf3857eaf
SHA512 9947633f1ee917085c5246f60991e8e6584965908a10b046c3f694a8e34e1124a3ac3ea51f8c0fea4ddf91df0f1af5628cda6436566668e90f3983cd43290489

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletteLIT\WebDriverBiDiServer.json

MD5 eedbef00dee9e793577ca47940caade3
SHA1 415341129e4bfa83e12a86a036658dc41f469547
SHA256 50a4fbe1b8640e0a2cc6d8a0428a521ceb968dfdaf414ce3403736c3c6a6a321
SHA512 d44ac1709aaa06b5b56eb22258aae6f6255f184ac057a1e41a02e1e5d7d21d7878bcbd47fb74c7caced56b2409d899b49b8ddb0a4e3433e6e896ffd9a3de6d93

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletteLIT\prefs.js

MD5 e00a867d1cfe1b2780afea816db3e399
SHA1 baa42d36b3ec2a1b26cab015ab27b0da8825adbf
SHA256 25f1568d941ae7156868acfd62de2e77041d6e7a267059820266df7ce18371d5
SHA512 a9876f5b8b2c3dacada4f405627ac478ab5db6b2a6a036e844d21b54d5013c0f6103796be92e3c8c5619bac272a35392d8e69df7e1e0ed5ecfaeb0ed0af7af76

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletteLIT\prefs-1.js

MD5 50cc2591acbbac54fad5b4f2c290dbc2
SHA1 4fd2273c8f8760a95da5b9fc8521273f135dce85
SHA256 fa445dff305e4beafe17f8fd3c489f0aed290f93156f5c8b60c9352fda251618
SHA512 8f2dad43677cc13371cb0abccd8d6d0afde635c7db1bdde58576222e46407a60b778968b43ffe76fd6257b402e37979a1c3938ed91295e35d32795c162943f59

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletteLIT\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 5e2aef981b1b49e109b9734d86324183
SHA1 84b46570ae391d823013716e27aa3d3234cd6b6e
SHA256 015144c78357a64d11b8427e9f56d0ecaa497e140ee3bc58c0cc2614782d68be
SHA512 92512072b02f972a052e35d729714b8d9389744e24ef40e3eb32469a385b2b5e54df03be13997227dd4c09de42818f80f05800893b656fe4a8de24abde6cf9ca

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletteLIT\content-prefs.sqlite

MD5 b15425d1f21f5708184e35493e63c8a1
SHA1 e944c1fdf56a3f6a5150b77980e89d48c7b57be2
SHA256 7a9012d1846763fe9dcb059035972a023ec29f2b9c03f865f0a6f6df6ef2a6c0
SHA512 6b54e30e0a060261bdac98ef818d1053fbabf0d6b8a17efc729942729ed6e6dddb29063b079ddb1dcd1b4edfc85a0311cf821b4b3291372c834a00733456423f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletteLIT\storage-sync-v2.sqlite

MD5 bff4d6361e4126d963ab7dffdc7550ce
SHA1 e2660c2f00b0aef4a81972c6a6093935d5aa40d5
SHA256 ad0828e5ff9d4188151772cd9af85827a431d122901486590c5734b62b4af2d2
SHA512 8d967c085d343d50a76cf14e88ed2fb742a7195034ddbaacd57d2c47abf0218a5f6878528a8f37c8f3b61496f61b5e254d205003af87a3cf156ba12ea59f65bc

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletteLIT\prefs-1.js

MD5 eb83d9e6d105b449ff09e8e9d074f8c6
SHA1 826cedb7a2dffdf643d662e176e79b8b232a0e84
SHA256 4f73c6a7cd1723a3c67858ca80bab881eef42ca6d3fdc48d83b6d8f8ea8235c3
SHA512 ae060c3241610dadc09ba543ae0e903ec4f3436971952f3dd3bc7b9ca417187e2a910296e16f89a1680b1a47458b3e3fd6ef01fd65cdb6b5e5762902f87b7c93

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-09 01:55

Reported

2024-05-09 02:07

Platform

win11-20240419-en

Max time kernel

301s

Max time network

309s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2488 wrote to memory of 3372 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 2488 wrote to memory of 3372 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 3372 wrote to memory of 1144 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 3372 wrote to memory of 1144 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 3372 wrote to memory of 3580 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 3372 wrote to memory of 3580 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 1144 wrote to memory of 3440 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 1144 wrote to memory of 3440 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 3372 wrote to memory of 3428 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\geckodriver.exe
PID 3372 wrote to memory of 3428 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\geckodriver.exe
PID 3428 wrote to memory of 4752 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe
PID 3428 wrote to memory of 4752 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe
PID 4752 wrote to memory of 776 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe
PID 4752 wrote to memory of 776 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe
PID 4752 wrote to memory of 776 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe
PID 4752 wrote to memory of 776 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe
PID 4752 wrote to memory of 776 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe
PID 4752 wrote to memory of 776 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe
PID 4752 wrote to memory of 776 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe
PID 4752 wrote to memory of 776 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe
PID 4752 wrote to memory of 776 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe
PID 4752 wrote to memory of 776 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe
PID 4752 wrote to memory of 776 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe
PID 776 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe
PID 776 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe
PID 776 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe
PID 776 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe
PID 776 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe
PID 776 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe
PID 776 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe
PID 776 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe
PID 776 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe
PID 776 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe
PID 776 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe
PID 776 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe
PID 776 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe
PID 776 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe
PID 776 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe
PID 776 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe
PID 776 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe
PID 776 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe
PID 776 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe
PID 776 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe
PID 776 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe
PID 776 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe
PID 776 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe
PID 776 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe
PID 776 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe
PID 776 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe
PID 776 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe
PID 776 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe
PID 776 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe
PID 776 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe
PID 776 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe
PID 776 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe
PID 776 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe
PID 776 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe
PID 776 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe
PID 776 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe
PID 776 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe
PID 776 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe
PID 776 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe
PID 776 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe
PID 776 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI24882\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI24882\geckodriver.exe --port 50014 --websocket-port 50015

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50015 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYTiABY

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50015 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYTiABY

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe" -contentproc --channel="776.0.114789771\1612128374" -parentBuildID 20240416150000 -prefsHandle 1704 -prefMapHandle 1696 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\browser" - {32f6db17-a33f-48bb-9071-4324b23882f4} 776 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe" -contentproc --channel="776.1.733671545\1606533996" -childID 1 -isForBrowser -prefsHandle 2932 -prefMapHandle 2928 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\browser" - {cd4d4e75-237b-41b4-b5e8-b5ccf8c73118} 776 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe" -contentproc --channel="776.2.1814514011\318332652" -childID 2 -isForBrowser -prefsHandle 2316 -prefMapHandle 2512 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\browser" - {fdf0e4ea-84cf-42e8-b61c-6d7ab7c39228} 776 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe" -contentproc --channel="776.3.1347576826\439317803" -childID 3 -isForBrowser -prefsHandle 3504 -prefMapHandle 3324 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\browser" - {228fe8f4-332c-4a23-acfb-5762662094a6} 776 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe" -contentproc --channel="776.4.2056899196\431306889" -childID 4 -isForBrowser -prefsHandle 2472 -prefMapHandle 2564 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\browser" - {2126209c-f8b5-4b43-9e59-d0d072887b12} 776 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe" -contentproc --channel="776.5.496115736\741862857" -childID 5 -isForBrowser -prefsHandle 4148 -prefMapHandle 4152 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\browser" - {d47525a4-d01d-4fb8-93a0-1dab52553665} 776 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe" -contentproc --channel="776.6.214809020\1580315046" -childID 6 -isForBrowser -prefsHandle 4120 -prefMapHandle 4108 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\browser" - {e8e2214b-d73c-4b57-ba63-b512ae5100f8} 776 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe" -contentproc --channel="776.7.30665404\178357800" -childID 7 -isForBrowser -prefsHandle 4620 -prefMapHandle 4624 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\browser" - {7cc89f13-3d01-4b61-989f-0a4e76605f86} 776 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24882\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI24882\geckodriver.exe --port 50014 --websocket-port 50015

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50015 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRWRwpi

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50015 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRWRwpi

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe" -contentproc --channel="1532.0.578534710\1339647771" -parentBuildID 20240416150000 -prefsHandle 1692 -prefMapHandle 1684 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\browser" - {971a6b0e-4acc-4c59-bafd-07b1117b816b} 1532 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe" -contentproc --channel="1532.1.1038938808\1201480492" -childID 1 -isForBrowser -prefsHandle 2744 -prefMapHandle 2524 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\browser" - {9c7adcbf-30e1-46b0-ba45-dff124d4f9ec} 1532 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe" -contentproc --channel="1532.2.661864423\2028927678" -childID 2 -isForBrowser -prefsHandle 2972 -prefMapHandle 2968 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\browser" - {c4c6b550-cc05-4229-8430-83b73679711b} 1532 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe" -contentproc --channel="1532.3.1399396657\254820599" -childID 3 -isForBrowser -prefsHandle 2472 -prefMapHandle 3268 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\browser" - {b3b65bc1-0b75-4ab6-9024-61c3081e57ac} 1532 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe" -contentproc --channel="1532.4.734218215\2042355609" -childID 4 -isForBrowser -prefsHandle 3184 -prefMapHandle 3228 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\browser" - {4ec69e3e-aa90-49b3-801a-84b92c3b8ce2} 1532 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe" -contentproc --channel="1532.5.1471671709\684011838" -childID 5 -isForBrowser -prefsHandle 3644 -prefMapHandle 3800 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\browser" - {3391d20d-086d-427f-bbc6-ff0d5d06eaff} 1532 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe" -contentproc --channel="1532.6.2114203033\1396848582" -childID 6 -isForBrowser -prefsHandle 3944 -prefMapHandle 3948 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\browser" - {359f77f9-5787-4094-869e-a6a0cb9ac26b} 1532 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe" -contentproc --channel="1532.7.80107608\1351807333" -childID 7 -isForBrowser -prefsHandle 4456 -prefMapHandle 3452 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\browser" - {8110d976-478c-4945-a0e8-ac39ce26eab2} 1532 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24882\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI24882\geckodriver.exe --port 50014 --websocket-port 50015

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50015 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile7ePUpA

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50015 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile7ePUpA

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe" -contentproc --channel="1536.0.114782791\1309746246" -parentBuildID 20240416150000 -prefsHandle 1712 -prefMapHandle 1704 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\browser" - {9259458e-1b8c-4e72-9945-4ce116ebf461} 1536 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe" -contentproc --channel="1536.1.1500086483\494017900" -childID 1 -isForBrowser -prefsHandle 2688 -prefMapHandle 2684 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\browser" - {5dd3cf55-44c5-4726-8d2c-fb2fb04aee7f} 1536 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe" -contentproc --channel="1536.2.1420182934\962368993" -childID 2 -isForBrowser -prefsHandle 3044 -prefMapHandle 3040 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\browser" - {ee7233ed-b7af-4ef6-9704-bcd0fb4a7607} 1536 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe" -contentproc --channel="1536.3.1707896523\450071427" -childID 3 -isForBrowser -prefsHandle 3112 -prefMapHandle 3756 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\browser" - {4f4d2267-f22e-44e1-9926-86d57437aa6a} 1536 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe" -contentproc --channel="1536.4.1487878920\681917653" -childID 4 -isForBrowser -prefsHandle 3092 -prefMapHandle 3836 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\browser" - {08d20aba-12ec-4f71-a24e-1eef1fc82c67} 1536 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe" -contentproc --channel="1536.5.1960741172\590299298" -childID 5 -isForBrowser -prefsHandle 3428 -prefMapHandle 3268 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\browser" - {5076b89a-e373-4f8b-a9a6-dd895b04ec13} 1536 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe" -contentproc --channel="1536.6.1730643495\638875401" -childID 6 -isForBrowser -prefsHandle 3344 -prefMapHandle 3256 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\browser" - {4bb56adc-25b8-40ac-80af-b2b9eb22388e} 1536 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe" -contentproc --channel="1536.7.973849839\228407014" -childID 7 -isForBrowser -prefsHandle 4500 -prefMapHandle 4504 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\browser" - {f1bc5ae9-1c6c-449c-953f-05974356566c} 1536 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe" -contentproc --channel="1536.8.671335568\890783562" -childID 8 -isForBrowser -prefsHandle 4724 -prefMapHandle 4732 -prefsLen 25491 -prefMapSize 245849 -jsInitHandle 1308 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\browser" - {d61dbf2f-23d7-473c-a110-a181a02e474e} 1536 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24882\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI24882\geckodriver.exe --port 50014 --websocket-port 50015

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50015 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile6U7uX2

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50015 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile6U7uX2

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe" -contentproc --channel="4960.0.197125906\452042236" -parentBuildID 20240416150000 -prefsHandle 1732 -prefMapHandle 1724 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\browser" - {28438c3d-c60e-416c-9695-715fa64909fc} 4960 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe" -contentproc --channel="4960.1.1384047195\1651873094" -childID 1 -isForBrowser -prefsHandle 2540 -prefMapHandle 2456 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\browser" - {89bead90-8a00-4539-84a5-236577579618} 4960 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe" -contentproc --channel="4960.2.1674664073\41695431" -childID 2 -isForBrowser -prefsHandle 3100 -prefMapHandle 3096 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\browser" - {18bee775-41e8-4ae9-bbfe-e1939a926b5f} 4960 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe" -contentproc --channel="4960.3.250535868\52894789" -childID 3 -isForBrowser -prefsHandle 2448 -prefMapHandle 3328 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\browser" - {b8181362-d567-4575-b7b0-b2551d9e65b3} 4960 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe" -contentproc --channel="4960.4.1993933859\1607703562" -childID 4 -isForBrowser -prefsHandle 3868 -prefMapHandle 3864 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\browser" - {86f15b7f-11d4-4c11-a99c-27c7b5d22250} 4960 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe" -contentproc --channel="4960.5.86813372\470395852" -childID 5 -isForBrowser -prefsHandle 3528 -prefMapHandle 3380 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\browser" - {d3c1ab4f-209d-48ad-a684-7d02d7ede877} 4960 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe" -contentproc --channel="4960.6.1060859694\206480354" -childID 6 -isForBrowser -prefsHandle 4088 -prefMapHandle 4092 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\browser" - {a8817a42-70f9-4068-b5bf-5f1e698bb874} 4960 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe" -contentproc --channel="4960.7.1910514494\824061333" -childID 7 -isForBrowser -prefsHandle 4424 -prefMapHandle 4420 -prefsLen 25491 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\browser" - {96a003f3-991c-40c0-bdf0-2a791aea940a} 4960 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24882\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI24882\geckodriver.exe --port 50014 --websocket-port 50015

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50015 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletH1TC7

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50015 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletH1TC7

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe" -contentproc --channel="4368.0.1657254703\1296950285" -parentBuildID 20240416150000 -prefsHandle 1700 -prefMapHandle 1692 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\browser" - {1dbf0a0c-a719-4ab9-a037-b9e4d234a26d} 4368 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe" -contentproc --channel="4368.1.634532209\1445915426" -childID 1 -isForBrowser -prefsHandle 2716 -prefMapHandle 2492 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\browser" - {fa872de1-4c43-4e9f-a26c-8ce831023684} 4368 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe" -contentproc --channel="4368.2.1543367138\1682815186" -childID 2 -isForBrowser -prefsHandle 3092 -prefMapHandle 3088 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\browser" - {19581d6b-78c8-4498-b49a-ddfa1520e9f9} 4368 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe" -contentproc --channel="4368.3.1178344582\1198318456" -childID 3 -isForBrowser -prefsHandle 3612 -prefMapHandle 3616 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\browser" - {41b24038-e45f-4842-87de-156d3325a97d} 4368 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe" -contentproc --channel="4368.4.1082691294\571876097" -childID 4 -isForBrowser -prefsHandle 3776 -prefMapHandle 3768 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\browser" - {7f2e3e74-cf2b-4da0-8079-82f95e0002d3} 4368 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe" -contentproc --channel="4368.5.498294407\1744515026" -childID 5 -isForBrowser -prefsHandle 3988 -prefMapHandle 3984 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\browser" - {77beb783-3d74-489b-910f-995addfe515a} 4368 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe" -contentproc --channel="4368.6.733081110\710603298" -childID 6 -isForBrowser -prefsHandle 3788 -prefMapHandle 4100 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\browser" - {8bc58948-8106-471e-9467-d97ec4799072} 4368 tab

Network

Country Destination Domain Proto
GB 198.244.212.57:443 tcp
N/A 127.0.0.1:50117 tcp
N/A 127.0.0.1:50119 tcp
US 8.8.8.8:53 57.212.244.198.in-addr.arpa udp
US 135.148.52.241:443 tcp
US 99.106.143.239:9001 tcp
N/A 127.0.0.1:50014 tcp
US 8.8.8.8:53 241.52.148.135.in-addr.arpa udp
US 8.8.8.8:53 239.143.106.99.in-addr.arpa udp
N/A 127.0.0.1:50014 tcp
N/A 127.0.0.1:50222 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50230 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50014 tcp
N/A 127.0.0.1:50014 tcp
N/A 127.0.0.1:50014 tcp
N/A 127.0.0.1:50599 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50607 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50014 tcp
N/A 127.0.0.1:50014 tcp
N/A 127.0.0.1:50014 tcp
N/A 127.0.0.1:50942 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50950 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50014 tcp
N/A 127.0.0.1:50014 tcp
N/A 127.0.0.1:50014 tcp
N/A 127.0.0.1:51313 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:51321 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:50014 tcp
N/A 127.0.0.1:50014 tcp
N/A 127.0.0.1:50014 tcp
N/A 127.0.0.1:51693 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:51701 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI24882\python38.dll

MD5 26ba25d468a778d37f1a24f4514d9814
SHA1 b64fe169690557656ede3ae50d3c5a197fea6013
SHA256 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128
SHA512 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

C:\Users\Admin\AppData\Local\Temp\_MEI24882\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\_MEI24882\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

C:\Users\Admin\AppData\Local\Temp\_MEI24882\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

C:\Users\Admin\AppData\Local\Temp\_MEI24882\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Local\Temp\_MEI24882\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

C:\Users\Admin\AppData\Local\Temp\_MEI24882\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

C:\Users\Admin\AppData\Local\Temp\_MEI24882\geckodriver.exe

MD5 f60c542253cbe94f762e15c7b064b55d
SHA1 7a32f034217266db6d799893edc976e891a82944
SHA256 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa
SHA512 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca

C:\Users\Admin\AppData\Local\Temp\_MEI24882\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

C:\Users\Admin\AppData\Local\Temp\_MEI24882\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

C:\Users\Admin\AppData\Local\Temp\_MEI24882\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

C:\Users\Admin\AppData\Local\Temp\_MEI24882\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

C:\Users\Admin\AppData\Local\Temp\_MEI24882\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI24882\top-1m.csv

MD5 ba0857be5e9736dde1f5cc44edd5d21b
SHA1 b130759907909cc97bfe0d9a1fd65b8942c931aa
SHA256 7800cdef850c31931b2b520a42f858c4feb5ca86d6b3789e6173a02e909595ca
SHA512 08446902bc588e323b8fc551502ff869be6c2bb64f788d1bebfcc30a04c3e589b0616e84fc55de3d81d7b19b26e690024a442e6a27096808bc613bcecf3f6db4

C:\Users\Admin\AppData\Local\Temp\_MEI24882\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

C:\Users\Admin\AppData\Local\Temp\_MEI24882\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI24882\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI24882\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

C:\Users\Admin\AppData\Local\Temp\_MEI24882\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI24882\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI24882\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

C:\Users\Admin\AppData\Local\Temp\_MEI24882\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\tmpv9whxy6h\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 47539d0337e97e22a728afc2638d461f
SHA1 d97b37079543b33b9b605c787945f809aed66fd6
SHA256 262e52c5bbaa9bcd2dfcb4cf7da83a1efa95ebd0299f82031ad31a6ab19405a5
SHA512 3810ebe80173d41785a42459fc5c4a8a31e56294f2c03fe99416925a34d242b88023565057201c9b6dcbdb97c8396d8305a723c0e31bb5b560b031b299672d4a

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus

MD5 80e882ce8268212cf4db9fbe44f95336
SHA1 85abc152168a20d8db2c6501aa43a97ea72efc8c
SHA256 32c7fa19bdf922f35368bbda1fd91b30fae89f7e8615c8224901e4e3454ee937
SHA512 eb6fc2086c0c5b1e2207c675e49713961246559ade42f65f5e1d51e6139e503eacceaa57542664f7161dc320df0403d90bc85e499aa2d0f09c4a3d4236920cd5

C:\Users\Admin\AppData\Local\Temp\_MEI24882\Tor Browser\Browser\firefox.exe

MD5 65aa9b0f57d72e4d70e9226322221adc
SHA1 85fec174d0977afd8c0100c9d9b53c958e1949bf
SHA256 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410
SHA512 f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

memory/776-474-0x0000011922FC0000-0x0000011922FD0000-memory.dmp

memory/1312-494-0x00007FF86E0E0000-0x00007FF86E0E1000-memory.dmp

memory/1312-493-0x00007FF86F100000-0x00007FF86F101000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYTiABY\prefs.js

MD5 df6ce417a592f2496f7510cf13f3dbee
SHA1 aae7c2d0c041adae5dda49615d63ab6a71f7a882
SHA256 0accf40695d51ee28d14c1b00c4d54b53b2ebbb732b97a7f530470bdca46e40e
SHA512 7961dd051c690237d36e42c75bb4060205f9f574720f6d32de83e521c8f37baeb2fa86310348a2266b55b66fed8bd6c42f6da7e88c177a922cb18317f69bebf7

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 6e1ec5b1302fa45252a7f976193e92d9
SHA1 a83c9cc00302f25b888e3dc94ac1d42bc030cf6d
SHA256 a082bb74e14dedbc78b5200d24440e9e9f59e0afb3756160cb780cd96bb1d0e5
SHA512 f3346c7402622bd5c277c2e2657c3b818028efc3beb420a87a3af8b882232e92e93b0e5a8e3e8effe581a427d0583e4e9eb39c2a910a7588c348e6b0f93c2d9b

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYTiABY\extensions.json

MD5 90b62eb2c57ef25baa276ae857738850
SHA1 16f0421b1a2c336db292ded614a848664df473db
SHA256 91039c82ec31a9eae77ec0fadbfe8098aa8adfe0765f64245d6002c84bee8623
SHA512 64c2263d9ed09571eeb3faa68931d7330639735a463202e40bba0276d7928914c08f50f44931f190ec79a039c3ca5ea960ab7be88595f7d3a551736dd850a91d

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYTiABY\prefs-1.js

MD5 a263080123b17c5bdb3eae05c628eaba
SHA1 bc13fa4c0027c016dc608dc320f8735c91c22d9f
SHA256 02c3908f1257036597d72e5fbcc8f58c1327bda0023ea5d7b992f52337762556
SHA512 7c8f0109d9ab94ba941a5f88401e1c16d8056b804210496db327d4d1706b4d500db52e2f8883004ca7c7111ff8f9ac56aa2ec1d59c92bb359cd0b799e9787b82

memory/776-608-0x0000011928020000-0x0000011928030000-memory.dmp

memory/776-632-0x0000011924CE0000-0x0000011924E50000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYTiABY\prefs-1.js

MD5 3dc0626281a8f123fc0db82c5f09f43e
SHA1 7e5b118a2a703669761c5e87206a596ea16d1ae2
SHA256 bacf66a4a6ce315f6a00dbfdf274779b30fb79279a0dc3e773321d4b525502ee
SHA512 50a013f3dddb3b6a033b080221ff8f5f427eeab63787cdd86503a5c9f6d00518b6dafd19e146da2476d05e74e2714eea75abb42d5c42d87fda9e20c1ae22a27e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRWRwpi\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRWRwpi\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

memory/1532-862-0x0000021A31250000-0x0000021A31260000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRWRwpi\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRWRwpi\startupCache\webext.sc.lz4

MD5 b6ffb77913c4fa082adfaaca7b071a13
SHA1 6339aaeb3e314c4b7a5bdc1fa500f236a232b6e6
SHA256 6d6cbbc92c29dc5fa19fd4f61d7c86b8b7ff9bb945ebd2bc82d0b49a8e917b97
SHA512 a42d3533101671152d99b661553889e7992c428ee2ee3c202849e35b1f4044e2c2ffeb3e6d55128e67604fdc2055bb2c556b41a23daecae60eee8afdb84a0729

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRWRwpi\prefs.js

MD5 e06676115c8a8819894c70ddb338dabb
SHA1 c28bc67573cc0eccd6c5f590d8a93704ad57849e
SHA256 9a2bd9955cdefc8493a4496158867e8481870db0b986f948d82afb146fe4a2c1
SHA512 926a8822ffc0403afffc29163fe6d518e6a7703ad33140c97618c746f1d53be17d89027413f825f4385a7c0bd1fe71d2a6b89bbb38418a98428d5dac93367cb4

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRWRwpi\prefs-1.js

MD5 e92f33a6e89beac3cd401a1c6130378b
SHA1 d6ed32338659ad0db93e511f2c0366fa44261469
SHA256 bd78a921ecbfc771546c4fb4a7b8724bef1ffb641989c16813a7a0e06d6b2132
SHA512 d96d24f1ccaa3604135c13bd843b6f57ac74b289b2b00485ed6c089138f1df912dbcf311b7aeee04dc1b1bc340634f21effaa7db86d494db6d152130da9d32b0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRWRwpi\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRWRwpi\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRWRwpi\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRWRwpi\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRWRwpi\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile7ePUpA\user.js

MD5 736db8c9b955f72129a6644a9c797093
SHA1 59f1c80c407e27ffe85407a82f7b7250c5ee3753
SHA256 668694ca0485bfb77e7049bad327ba3f83534f31c1d50744f227c996eab4097f
SHA512 9916d339304272357ff56976bfcb9fd2d607ccbaa33dc40b88618c9ae31833923d3f2e8288cfc1f0090da90803b5e07404c41182155db2d2345df6f63020f217

memory/1536-1167-0x000001F318DB0000-0x000001F318DC0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile7ePUpA\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile7ePUpA\prefs.js

MD5 e8280f6b773280a44bfb7eb837f20d71
SHA1 a97940c771cf38e99b1523ad0e616067d75b5aba
SHA256 f610ec418cee6efed85591579ab19cfc6caf00501d6fb25cd49fc165da8704aa
SHA512 667f4c0b890f5ffa12e3e56f2f0f8bb02af188eed6fd2ef944157880c63876fc52e08e905b6a3c84bfe07488283170bd9ba9df1343557eb9fcc30915a07539bc

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile7ePUpA\prefs-1.js

MD5 2b277af07d2b966bfa1b3418ad7bbfbb
SHA1 3e5c59635bcbe91b4f34aad0ee52bf4ab92c7a18
SHA256 e206167f2df82e84b3839a4903730cce25eeca6cb6797f7f19a0e9f43db518aa
SHA512 b0df1af8108bf607b1a433e7ce54bbc6720cbf54e02a47bb04f6f87315564cd900f0963715ab178dec0740a4736ba6292d91172dceb28a71f2c948e5b366a2fb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile6U7uX2\prefs.js

MD5 f0e59ced31905e0f8637e21d4e03ec79
SHA1 a1fd0546c41a6cef4301a38177343d1cd1c71c7c
SHA256 06ac4beeb6d26a207300d639825e47324eefa8f55b53206a02c9ce9a53c067fb
SHA512 a179a3e4080f2cf89849211079ea3ed8c770c5ca770c336b3173bc5e98b309621e8866999e7ffc04b40d141a1011c3b9794db45dec85265eb39af9fcb808b2bd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile6U7uX2\prefs-1.js

MD5 2a2bf38303e2afd724e3add41dd45c5e
SHA1 ea983d67b0cad8472d5cd4a343ad2b8d8b1dbfc8
SHA256 4344d024de1d23ad66fe589bfa485495451ed5b56d60ea6359fb0ee74b2f43c5
SHA512 ece386a9e7cf28997901040df55b81a8c88d731f1f8b74850a29a5234b3e47ef83ce32c3f2a50074d8fb4807d6b7be1af280b40b98f4f99a5d8d5200460e63b0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile6U7uX2\datareporting\glean\db\data.safe.bin

MD5 1c3c58f7838dde7f753614d170f110fc
SHA1 c17e5a486cecaddd6ced7217d298306850a87f48
SHA256 81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d
SHA512 9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile6U7uX2\prefs-1.js

MD5 24a003f6feaceb85e380367eacf68a4e
SHA1 51d761a7c2c1fa22f52e18efc0f4cb9e745afcf2
SHA256 f990d2f28ce4e3f84b7f87766b2e2c5798488cdddb613262fa6d03cfdee4ce0d
SHA512 4be030cb1a31b410d0fa843c02d38561788a037da113ff4e88ab2e1bf9aeaf745361bc33418734189c557c1acae0fc8c2973fd83c854d8de8b2c03db40dc2ce3

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile6U7uX2\prefs.js

MD5 15d385f54ab1da56e7a194c95823c173
SHA1 b0f4aaeb672e21cf8fca610ba4096bc7a784fa80
SHA256 c284cba9c10caf84677ba98e5fae9656c708e0fcbb806ee6d4be7922ae1a0413
SHA512 7f06f65f2a83de1095b399954e3767243be38d38fc5dd20c19d4fda80d96df5eabe250b97769f9c7efdcaf678890068e60fe4f1dc3b9310e4310e3cfa225f8d9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletH1TC7\compatibility.ini

MD5 a81ba1f765e5e1dd8acd42f409f3f348
SHA1 ddd11ffe157d9e173318a67f08b13bbaaf65cc0e
SHA256 41d39739bbaa8e9df71c82457fa2819f40cb44c66b9c35fadaf1f7aee0599d9a
SHA512 e6e5fb336b530a4b51558b8ec2700f98a2b7a4e753b66d87500dc876492e4e51043099221b65d646577d64067e20ad6dbd150467c9c8d27f24ff58654e436f15

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletH1TC7\WebDriverBiDiServer.json

MD5 3076b954190ebe1906eba802bbc567cc
SHA1 47170b299fa232fc05c3365325fc2b7351be0659
SHA256 0154aa59ab5d0aa8c42008b8549df0bdb2ef24a3017033d0bc8c3e25ff5c6180
SHA512 79560b6e97160c51a1dbc23a9976f9e87f54f30f8fcc3329ad34051774bfe72f43553286925fcae8302316f3fbb18936b29e4edb4b1d2520c69a730ebcbe1454

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletH1TC7\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 4dac9dae536eae22f88e7b93b5b02616
SHA1 730f0aa18d189a114634e339e376f3ad42dfa031
SHA256 5d4fd74db787acdd8533bb98258c4ff885bd0956796bd66be04947c5f8ec60a9
SHA512 8df05aa8b236e94464fde0f71621634952197b15ec96e3d2bba37da85e58b4d32f015e9f612c36a60baa51a864692c51c59d32adaeb9360c14e898fb90350de4

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletH1TC7\prefs-1.js

MD5 cfba17c2184fee68269b693c3be23639
SHA1 6d0e296fbe2755a7562c5b7a3252ddd50341dbbe
SHA256 ba44cf6c5e76f7edd7d624fff399c713aecc18ec226770c4453b484ff1afb897
SHA512 72285b991fad2ecd50adc9909a1eefd2385d6e82d31399e5281bb8490ac8093c1cd5b48aa513c9881a583361a733437ca22fb3c4977dc7a015c6d9ed2b2fb474

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletH1TC7\prefs-1.js

MD5 e483c15fe142b121d46b7093388a2f33
SHA1 222d38ad311df039a18868af769776b999ecbcb6
SHA256 b7d56b9bf4c1d2971717464e9b5a321576301dfe6ebbaba6589cd5faee9e8c4b
SHA512 a2777a62c6959bbd0b3af6f4a113862b38cb928383209dca6b18843696ea573bdc589ea13ce283ad2bf1814278711ec73d61243da60914aabff9ce816e2406fc

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-09 01:55

Reported

2024-05-09 02:07

Platform

win10-20240404-en

Max time kernel

248s

Max time network

304s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3244 wrote to memory of 2096 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 3244 wrote to memory of 2096 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 2096 wrote to memory of 316 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 2096 wrote to memory of 316 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 2096 wrote to memory of 4672 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 2096 wrote to memory of 4672 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 316 wrote to memory of 2176 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 316 wrote to memory of 2176 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 2096 wrote to memory of 4952 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\geckodriver.exe
PID 2096 wrote to memory of 4952 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\geckodriver.exe
PID 4952 wrote to memory of 1276 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe
PID 4952 wrote to memory of 1276 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe
PID 1276 wrote to memory of 1756 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe
PID 1276 wrote to memory of 1756 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe
PID 1276 wrote to memory of 1756 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe
PID 1276 wrote to memory of 1756 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe
PID 1276 wrote to memory of 1756 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe
PID 1276 wrote to memory of 1756 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe
PID 1276 wrote to memory of 1756 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe
PID 1276 wrote to memory of 1756 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe
PID 1276 wrote to memory of 1756 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe
PID 1276 wrote to memory of 1756 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe
PID 1276 wrote to memory of 1756 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe
PID 1756 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe
PID 1756 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe
PID 1756 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe
PID 1756 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe
PID 1756 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe
PID 1756 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe
PID 1756 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe
PID 1756 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe
PID 1756 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe
PID 1756 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe
PID 1756 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe
PID 1756 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe
PID 1756 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe
PID 1756 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe
PID 1756 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe
PID 1756 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe
PID 1756 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe
PID 1756 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe
PID 1756 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe
PID 1756 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe
PID 1756 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe
PID 1756 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe
PID 1756 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe
PID 1756 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe
PID 1756 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe
PID 1756 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe
PID 1756 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe
PID 1756 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe
PID 1756 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe
PID 1756 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe
PID 1756 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe
PID 1756 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe
PID 1756 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe
PID 1756 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe
PID 1756 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe
PID 1756 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe
PID 1756 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe
PID 1756 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe
PID 1756 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe
PID 1756 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe
PID 1756 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI32442\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI32442\geckodriver.exe --port 50056 --websocket-port 50057

C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50057 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileZIl9Md

C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50057 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileZIl9Md

C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe" -contentproc --channel="1756.0.673091157\1876788077" -parentBuildID 20240416150000 -prefsHandle 1484 -prefMapHandle 1472 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\browser" - {c922c5f5-2879-4dbf-b497-34ccaa085ff5} 1756 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe" -contentproc --channel="1756.1.89074212\1507296952" -childID 1 -isForBrowser -prefsHandle 2200 -prefMapHandle 2480 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1176 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\browser" - {8e3fe23a-b4bd-42b7-ba13-77e1f91d3aeb} 1756 tab

C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe" -contentproc --channel="1756.2.1531855646\1735598502" -childID 2 -isForBrowser -prefsHandle 2372 -prefMapHandle 2220 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1176 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\browser" - {18bdacd0-4833-41fc-a67a-84867b9ee681} 1756 tab

C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe" -contentproc --channel="1756.3.1652385684\1557686492" -childID 3 -isForBrowser -prefsHandle 3164 -prefMapHandle 3488 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1176 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\browser" - {3c6fb2a0-a959-4fd6-93ec-1fa0dbe9d1e1} 1756 tab

C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe" -contentproc --channel="1756.4.822855920\1623772367" -childID 4 -isForBrowser -prefsHandle 3688 -prefMapHandle 3684 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1176 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\browser" - {d30457ef-410d-4ded-ae11-fe68b7953f7d} 1756 tab

C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe" -contentproc --channel="1756.5.1451001669\1252145481" -childID 5 -isForBrowser -prefsHandle 3844 -prefMapHandle 3848 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1176 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\browser" - {f44f2d60-4644-4a2e-87c8-ec03262038a7} 1756 tab

C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe" -contentproc --channel="1756.6.730466164\373300322" -childID 6 -isForBrowser -prefsHandle 4028 -prefMapHandle 4032 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1176 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\browser" - {e0c31893-adb3-45d5-83a7-01d14cd301cc} 1756 tab

Network

Country Destination Domain Proto
US 198.98.60.90:444 tcp
AT 89.58.17.228:46856 tcp
US 8.8.8.8:53 228.17.58.89.in-addr.arpa udp
US 8.8.8.8:53 90.60.98.198.in-addr.arpa udp
FR 94.23.148.66:8000 tcp
GB 77.68.30.104:9201 tcp
US 8.8.8.8:53 104.30.68.77.in-addr.arpa udp
US 8.8.8.8:53 66.148.23.94.in-addr.arpa udp
N/A 127.0.0.1:50159 tcp
N/A 127.0.0.1:50161 tcp
N/A 127.0.0.1:50056 tcp
N/A 127.0.0.1:50056 tcp
N/A 127.0.0.1:50255 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50263 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
US 52.111.227.14:443 tcp
GB 77.68.30.104:9201 tcp
US 135.148.53.55:443 tcp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 55.53.148.135.in-addr.arpa udp
GB 77.68.30.104:9201 tcp
US 8.8.8.8:53 210.143.182.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
GB 77.68.30.104:9201 tcp
US 8.8.8.8:53 25.140.123.92.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI32442\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

\Users\Admin\AppData\Local\Temp\_MEI32442\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

\Users\Admin\AppData\Local\Temp\_MEI32442\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

\Users\Admin\AppData\Local\Temp\_MEI32442\python38.dll

MD5 26ba25d468a778d37f1a24f4514d9814
SHA1 b64fe169690557656ede3ae50d3c5a197fea6013
SHA256 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128
SHA512 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

\Users\Admin\AppData\Local\Temp\_MEI32442\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

C:\Users\Admin\AppData\Local\Temp\_MEI32442\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

\Users\Admin\AppData\Local\Temp\_MEI32442\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

\Users\Admin\AppData\Local\Temp\_MEI32442\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

\Users\Admin\AppData\Local\Temp\_MEI32442\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 47539d0337e97e22a728afc2638d461f
SHA1 d97b37079543b33b9b605c787945f809aed66fd6
SHA256 262e52c5bbaa9bcd2dfcb4cf7da83a1efa95ebd0299f82031ad31a6ab19405a5
SHA512 3810ebe80173d41785a42459fc5c4a8a31e56294f2c03fe99416925a34d242b88023565057201c9b6dcbdb97c8396d8305a723c0e31bb5b560b031b299672d4a

C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI32442\geckodriver.exe

MD5 f60c542253cbe94f762e15c7b064b55d
SHA1 7a32f034217266db6d799893edc976e891a82944
SHA256 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa
SHA512 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca

C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\tmpflfzxe97\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

\Users\Admin\AppData\Local\Temp\_MEI32442\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

\Users\Admin\AppData\Local\Temp\_MEI32442\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

\Users\Admin\AppData\Local\Temp\_MEI32442\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

\Users\Admin\AppData\Local\Temp\_MEI32442\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

C:\Users\Admin\AppData\Local\Temp\_MEI32442\top-1m.csv

MD5 ba0857be5e9736dde1f5cc44edd5d21b
SHA1 b130759907909cc97bfe0d9a1fd65b8942c931aa
SHA256 7800cdef850c31931b2b520a42f858c4feb5ca86d6b3789e6173a02e909595ca
SHA512 08446902bc588e323b8fc551502ff869be6c2bb64f788d1bebfcc30a04c3e589b0616e84fc55de3d81d7b19b26e690024a442e6a27096808bc613bcecf3f6db4

C:\Users\Admin\AppData\Local\Temp\_MEI32442\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI32442\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI32442\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI32442\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI32442\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

\Users\Admin\AppData\Local\Temp\_MEI32442\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

C:\Users\Admin\AppData\Local\Temp\_MEI32442\Tor Browser\Browser\firefox.exe

MD5 65aa9b0f57d72e4d70e9226322221adc
SHA1 85fec174d0977afd8c0100c9d9b53c958e1949bf
SHA256 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410
SHA512 f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

\Users\Admin\AppData\Local\Temp\_MEI32442\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 80e882ce8268212cf4db9fbe44f95336
SHA1 85abc152168a20d8db2c6501aa43a97ea72efc8c
SHA256 32c7fa19bdf922f35368bbda1fd91b30fae89f7e8615c8224901e4e3454ee937
SHA512 eb6fc2086c0c5b1e2207c675e49713961246559ade42f65f5e1d51e6139e503eacceaa57542664f7161dc320df0403d90bc85e499aa2d0f09c4a3d4236920cd5

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileZIl9Md\extensions.json

MD5 1e3e6b8bdda4bbec8a0df9cb3f27bc4d
SHA1 58fa4273343fb02d107e397717397ad1f9ac9c65
SHA256 d9d75be0cabe87795a99582f6bbd85790f5f17ac8058166a907e2aab7881935a
SHA512 a8339cf78f1ada9f1f48d5b8aef259420a453d0200acb5441d9f86250d6c3f0f5dd08293a998f36876570d667da1e2a6ac4e83c6942a0775b49b829e95842aeb

memory/1756-551-0x00000166CAA70000-0x00000166CAA80000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileZIl9Md\prefs.js

MD5 a12aa9f1ac53691030286f52a4aa1f08
SHA1 23369ee3aadbffe66a3fb1cc6a1ff42e75c64577
SHA256 7f75434c1ee3aab5f142e7d49a7d2ea1d3d8c08a62745ed3d8fd54547b1abe47
SHA512 a1382cdf78bda51ab93adc0824cd4e1546bdf548497cb634a48af09beff53fcbdb819d1bfa1d4278465c879268fb51f7ed0a0704eab016eb01b5bda2ab8e3388

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 dc8c94bbd9dca74f6b7a8da9021c2ba7
SHA1 8f40d661466f51bf60d970c9c12f34b30d50b4b0
SHA256 d4a2567977b43938c8923bd386e4240649a58651d0455cbfc79221eac2112ba2
SHA512 0bd48adb202147640fc1a53e4ed492a26a2f31c75d254d0f6d6da4006cf66eaaf53f93552ad1fe00067441d9820ab34494802efdf15845a0c92c81e7662ff587

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileZIl9Md\prefs.js

MD5 d634aef8fc4f46645418b8e67694e52c
SHA1 364070d90497d333356e54e916ddd244f35bf7ff
SHA256 9799f64c5155561afbb701330eddb0c50364bdcb92a06839b26ea0ada22e95df
SHA512 210aa8d0baa7550eb29dd5825453001683e2a41346758640add5f6e2ca8621be307bd1b6afbceb51ce5dd5bb4ce5082ee96310ee7adc7f704231cd0e527a58a3

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileZIl9Md\prefs-1.js

MD5 fe8a756ef795b1b2212785816ce0aa40
SHA1 434fe252b51f8ee0da27795681c0e67e25583e9f
SHA256 1dd930b95162fe6ee66973f2e64283418a6bb86a525eaa544829bd52f41796b3
SHA512 5f0ab62accb9ead250eb1284a859dc662ee36cd81efcde1ddf4f48e353dec2e199cf91a38e3da5a296700af35a3988e2fd4da756bf6d2b520c1f66ad1a730650

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileZIl9Md\bookmarkbackups\bookmarks-2024-05-09_14_T6u53mPvyLQndqxVPTv9Qw==.jsonlz4

MD5 55e2001cfe7e1e02ddc10b249a711065
SHA1 66d54c487a19b467c6e0885a3f6a0f415c44a58c
SHA256 8e16428e3972e80e5b77a37eddfd9338431110e31cf6a95b6a7bb45cc82095dd
SHA512 75dac859ece5652f9ca69b3f4919497864045349bebb800bd2d2f80d988c0a176efb7ae4e739f51995a0709e49e4501c8027730c029666de9ed791054ad26229

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-09 01:55

Reported

2024-05-09 02:07

Platform

win7-20240221-en

Max time kernel

298s

Max time network

304s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\geckodriver.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\geckodriver.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2908 wrote to memory of 384 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 2908 wrote to memory of 384 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 2908 wrote to memory of 384 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 384 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 384 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 384 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 384 wrote to memory of 452 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 384 wrote to memory of 452 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 384 wrote to memory of 452 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 2552 wrote to memory of 1472 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 2552 wrote to memory of 1472 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 2552 wrote to memory of 1472 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 384 wrote to memory of 772 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\geckodriver.exe
PID 384 wrote to memory of 772 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\geckodriver.exe
PID 384 wrote to memory of 772 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\geckodriver.exe
PID 772 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe
PID 772 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe
PID 772 wrote to memory of 2200 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe
PID 2200 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe
PID 2200 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe
PID 2200 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe
PID 2200 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe
PID 2200 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe
PID 2200 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe
PID 2200 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe
PID 2200 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe
PID 2200 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe
PID 2200 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe
PID 2200 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe
PID 2200 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe
PID 2624 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe
PID 2624 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe
PID 2624 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe
PID 2624 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe
PID 2624 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe
PID 2624 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe
PID 2624 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe
PID 2624 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe
PID 2624 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe
PID 2624 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe
PID 2624 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe
PID 2624 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe
PID 2624 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe
PID 2624 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe
PID 2624 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe
PID 2624 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe
PID 2624 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe
PID 2624 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe
PID 2624 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe
PID 2624 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe
PID 2624 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe
PID 2624 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe
PID 2624 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe
PID 2624 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe
PID 2624 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe
PID 2624 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe
PID 2624 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe
PID 2624 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe
PID 2624 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe
PID 2624 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe
PID 2624 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe
PID 2624 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe
PID 2624 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe
PID 2624 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI29082\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI29082\geckodriver.exe --port 49464 --websocket-port 49465

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49465 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecrTiip

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49465 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecrTiip

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2624.0.1574858551\425117215" -parentBuildID 20240416150000 -prefsHandle 1228 -prefMapHandle 1160 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\browser" - {f55087fb-e1dc-45a9-b8a9-eabadd800e3c} 2624 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2624.1.397910502\1118957130" -childID 1 -isForBrowser -prefsHandle 2080 -prefMapHandle 2076 -prefsLen 24240 -prefMapSize 245849 -jsInitHandle 836 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\browser" - {bff54b40-1a0d-4f94-872a-4f0c3134a40a} 2624 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2624.2.1301009912\1507500697" -childID 2 -isForBrowser -prefsHandle 1980 -prefMapHandle 2352 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 836 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\browser" - {b7eeab03-91e2-4f3e-808c-490dbedb1acf} 2624 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2624.3.1238398599\107327947" -childID 3 -isForBrowser -prefsHandle 1836 -prefMapHandle 2576 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 836 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\browser" - {fc2cee6a-f8e7-47b1-af9f-f789c21154ef} 2624 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2624.4.1078593467\772044372" -childID 4 -isForBrowser -prefsHandle 2480 -prefMapHandle 2680 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 836 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\browser" - {45e14f05-c672-4f0d-977a-96b162455fbc} 2624 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2624.5.360959866\2117632068" -childID 5 -isForBrowser -prefsHandle 2824 -prefMapHandle 2828 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 836 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\browser" - {86630917-6be7-491f-a9b7-eea2bc0f5663} 2624 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2624.6.499396973\1837866161" -childID 6 -isForBrowser -prefsHandle 2980 -prefMapHandle 2984 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 836 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\browser" - {a362ea7f-f326-4927-86fc-7d2affd7d39a} 2624 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2624.7.1466091668\1173579240" -childID 7 -isForBrowser -prefsHandle 3380 -prefMapHandle 3268 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 836 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\browser" - {839bf45e-bff0-40f0-8a62-848a5d106f01} 2624 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29082\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI29082\geckodriver.exe --port 49464 --websocket-port 49465

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49465 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileW7pZPo

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49465 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileW7pZPo

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2736.0.1371869245\469464684" -parentBuildID 20240416150000 -prefsHandle 1212 -prefMapHandle 1204 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\browser" - {33200900-9f5b-45a9-ab00-f5201bdfe0ae} 2736 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2736.1.1168418318\1250804521" -childID 1 -isForBrowser -prefsHandle 944 -prefMapHandle 1908 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 836 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\browser" - {ee1f531a-9940-47d8-b731-e923df6474a1} 2736 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2736.2.558464732\536949786" -childID 2 -isForBrowser -prefsHandle 2360 -prefMapHandle 2364 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 836 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\browser" - {9ca85350-b550-47e1-b4e9-7e179ad93d60} 2736 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2736.3.2038582296\754283811" -childID 3 -isForBrowser -prefsHandle 2520 -prefMapHandle 2524 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 836 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\browser" - {a0b7337d-4bee-432b-a24c-8d6f5a3eab36} 2736 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2736.4.1511304511\46497657" -childID 4 -isForBrowser -prefsHandle 2804 -prefMapHandle 2800 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 836 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\browser" - {0faeb719-edda-4ea5-999e-0ed8ec7fffe2} 2736 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2736.5.1638330310\797474225" -childID 5 -isForBrowser -prefsHandle 2932 -prefMapHandle 2936 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 836 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\browser" - {baddb45c-d9cf-42fb-83de-4ba2decbe3a7} 2736 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2736.6.1595825100\1697128046" -childID 6 -isForBrowser -prefsHandle 3084 -prefMapHandle 3088 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 836 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\browser" - {031790c2-6219-4a0a-9172-53908da4f950} 2736 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2736.7.1047887215\912372998" -childID 7 -isForBrowser -prefsHandle 3408 -prefMapHandle 3404 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 836 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\browser" - {d10c2720-209a-4310-bb0d-91caff9a3e43} 2736 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29082\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI29082\geckodriver.exe --port 49464 --websocket-port 49465

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49465 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQfyjhY

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49465 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQfyjhY

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2128.0.519327827\1528111916" -parentBuildID 20240416150000 -prefsHandle 1216 -prefMapHandle 1208 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\browser" - {65c79b05-fe80-40e1-8e78-44bbaa560bfe} 2128 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2128.1.300000652\1903300006" -childID 1 -isForBrowser -prefsHandle 1820 -prefMapHandle 2064 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\browser" - {14547a0a-bc68-45d1-88c0-e461c0cd5e54} 2128 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2128.2.1158562929\119867292" -childID 2 -isForBrowser -prefsHandle 2264 -prefMapHandle 2260 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\browser" - {c3d45db3-a86d-49d4-bbbc-eb9036af8e1b} 2128 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2128.3.322984926\998941756" -childID 3 -isForBrowser -prefsHandle 2500 -prefMapHandle 2504 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\browser" - {35685f57-b17c-46e6-8813-a30e55a90fce} 2128 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2128.4.1034596747\1781546109" -childID 4 -isForBrowser -prefsHandle 1080 -prefMapHandle 1076 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\browser" - {3ad59aff-b46a-44ac-bdff-703ec6b5c425} 2128 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2128.5.1998034569\2046346445" -childID 5 -isForBrowser -prefsHandle 2912 -prefMapHandle 2916 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\browser" - {eeee16cf-c4d0-4985-89f3-b74d50da48a0} 2128 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2128.6.1655018450\466290789" -childID 6 -isForBrowser -prefsHandle 3068 -prefMapHandle 3076 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\browser" - {189fc3eb-da30-49de-87da-2c66f8903c64} 2128 tab

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2128.7.1242761861\1358595796" -childID 7 -isForBrowser -prefsHandle 3308 -prefMapHandle 3312 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\browser" - {061cf2f4-f039-4f85-993d-7c520f835c3d} 2128 tab

Network

Country Destination Domain Proto
PL 193.56.240.157:443 tcp
SE 188.126.83.38:443 tcp
FR 51.38.235.40:9001 tcp
DE 5.9.14.25:143 tcp
N/A 127.0.0.1:49568 tcp
N/A 127.0.0.1:49572 tcp
N/A 127.0.0.1:49464 tcp
N/A 127.0.0.1:49464 tcp
N/A 127.0.0.1:49661 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:49699 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:49464 tcp
N/A 127.0.0.1:49464 tcp
N/A 127.0.0.1:49464 tcp
N/A 127.0.0.1:50215 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50250 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:49464 tcp
N/A 127.0.0.1:49464 tcp
N/A 127.0.0.1:49464 tcp
N/A 127.0.0.1:50718 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50753 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI29082\python38.dll

MD5 26ba25d468a778d37f1a24f4514d9814
SHA1 b64fe169690557656ede3ae50d3c5a197fea6013
SHA256 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128
SHA512 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

C:\Users\Admin\AppData\Local\Temp\_MEI29082\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\_MEI29082\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

\Users\Admin\AppData\Local\Temp\_MEI29082\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

\Users\Admin\AppData\Local\Temp\_MEI29082\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

\Users\Admin\AppData\Local\Temp\_MEI29082\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

C:\Users\Admin\AppData\Local\Temp\_MEI29082\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

C:\Users\Admin\AppData\Local\Temp\_MEI29082\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

\Users\Admin\AppData\Local\Temp\_MEI29082\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

\Users\Admin\AppData\Local\Temp\_MEI29082\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

C:\Users\Admin\AppData\Local\Temp\_MEI29082\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

\Users\Admin\AppData\Local\Temp\_MEI29082\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

\Users\Admin\AppData\Local\Temp\_MEI29082\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\tmpokevotvj\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 47539d0337e97e22a728afc2638d461f
SHA1 d97b37079543b33b9b605c787945f809aed66fd6
SHA256 262e52c5bbaa9bcd2dfcb4cf7da83a1efa95ebd0299f82031ad31a6ab19405a5
SHA512 3810ebe80173d41785a42459fc5c4a8a31e56294f2c03fe99416925a34d242b88023565057201c9b6dcbdb97c8396d8305a723c0e31bb5b560b031b299672d4a

C:\Users\Admin\AppData\Local\Temp\_MEI29082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Local\Temp\_MEI29082\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI29082\top-1m.csv

MD5 7b2d14718e5b5e14913386dade521c76
SHA1 5bd6b9c1da8885dde19cc3b5b6c03e4c15515b76
SHA256 7872d7bacc8c0e65d7ed3f289e2af3431b6e3c58ab44c7b4c6845b260d9c0122
SHA512 5eb3ebbe252d3d6f56d037e52c2eea87f25027cbbcf963193aa548fc12c9381f438db2c0b672d76be3ff2002bbd534188a87152619f71d7c08e4f5abb0b81623

C:\Users\Admin\AppData\Local\Temp\_MEI29082\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI29082\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI29082\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI29082\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI29082\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI29082\geckodriver.exe

MD5 f60c542253cbe94f762e15c7b064b55d
SHA1 7a32f034217266db6d799893edc976e891a82944
SHA256 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa
SHA512 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca

\Users\Admin\AppData\Local\Temp\_MEI29082\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 80e882ce8268212cf4db9fbe44f95336
SHA1 85abc152168a20d8db2c6501aa43a97ea72efc8c
SHA256 32c7fa19bdf922f35368bbda1fd91b30fae89f7e8615c8224901e4e3454ee937
SHA512 eb6fc2086c0c5b1e2207c675e49713961246559ade42f65f5e1d51e6139e503eacceaa57542664f7161dc320df0403d90bc85e499aa2d0f09c4a3d4236920cd5

memory/2624-659-0x00000000086C0000-0x00000000086D0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecrTiip\extensions.json

MD5 fc394fe2c7a725d59e9207de4757b127
SHA1 92fd3003449021a81e8a31cb7a49f921ddaf1a8b
SHA256 b539cce4e5550061edb83f63d57489ceb92b79aa7ed598efd0b403dd736e02ba
SHA512 c88a2e2ee754c4191c79c1adf1604374d7f3312fc6c73128702765ec96c689f32313814de1c75aafcc7f02d4e43bfed237b67ef4d3d5365820ca47eb2de584ee

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 8e5e147a7b337914950b9749838e6b00
SHA1 e9f2a7918533bf1158cc834f494c0fe372c159c2
SHA256 91855cec02dee51a398d21a5e9dca3864aa3b7c001c04ea6e0e59b112d4e66f2
SHA512 478502eef9bcf8317b125c64ba211aff774c4407e6395513518c035ae964422be482879ae7b4f0fc498d8af616016093b55d1f474e70952f3f1f78a0191b159e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecrTiip\prefs-1.js

MD5 015373276a07a2251725284171725ac9
SHA1 1909e7d9c1723e1007433f64d6360608de8f4ceb
SHA256 715c78953c8f1374039f70f3ec94317ea5d9eba8f7da4ae768b6c18ec33193f4
SHA512 772e2e6c410fef7968a3fc5154fa6fef1e2e15792f830e5ea0f07f605cd963f5e3203b99a09fa87476b0434235f57f1a67365d0043559f7bd95880d9d5a31f82

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileW7pZPo\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileW7pZPo\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileW7pZPo\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileW7pZPo\startupCache\webext.sc.lz4

MD5 b616ab82f75eb1b87d0b22337b775b73
SHA1 4231e63ad6ac39fbc52dafccf7fd430ed7906192
SHA256 32b3cac4d8f9b9d2f864b7884de402729d13fb3a202e4b33c9f7df72295f8469
SHA512 0f0d893c92a7f34bcb125ec43ff7826882576f1285a40e6b3ac2f48b48b53335035826a97949f92e7cea75030b71b0301b732b8d9c445eb22e6c195a2912ff67

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileW7pZPo\prefs-1.js

MD5 7927a6b42e5a21ee20c589bcde9d9d85
SHA1 9415869c6be07327957b62321fd556a46b21f9d1
SHA256 c22035efa9d3e7b11e164d36ec7032e7df2dbf20b2ff6910ba1f020068922846
SHA512 7ca4b7ef56876b64eb1ff8a5de41c1032dcc69118a6c1dc3ce57ded92916a9cb672c204facfec6efcaf4f7a78af6b8561addc279a78c83e016bdf0dfafd61f9a

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileW7pZPo\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileW7pZPo\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileW7pZPo\prefs-1.js

MD5 70ac112f7ef7feac620b339cd966011e
SHA1 6713a0aed0521757d7ff8b199836e4c8e816c525
SHA256 687a0c33e2e3ab716988524249db6ef090ec50447025e66ba9cf2e1981d41dac
SHA512 b986afe014e44a8a6b291899ddbda629383d4be8d7bb1e5ea13da52bed11bbfc3759f11303d8b01b27c9a9caefbbcbef983fea152f0f803909f7f109237b78ba

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileW7pZPo\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileW7pZPo\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileW7pZPo\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQfyjhY\user.js

MD5 f726d6786cc20f97d0e62312b307aec4
SHA1 a2271ef7007cfe7788e04f6f51dd85f1ec1750c6
SHA256 53d764d0fc932f2c569c43ecfc55ba0af69cf921b0ddcec8de94aba79cbfa73a
SHA512 c60c1a53e87666acdb295c3aa92784906d168e723231b464b88dcb1ed4020f36e52416a076d56abbaf7a0bf9604156a32af34d5430cc137d599c659bd3fb08db

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQfyjhY\datareporting\glean\db\data.safe.tmp

MD5 63b1bb87284efe954e1c3ae390e7ee44
SHA1 75b297779e1e2a8009276dd8df4507eb57e4e179
SHA256 b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a
SHA512 f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQfyjhY\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQfyjhY\prefs-1.js

MD5 e896e64542ecedc9f4dcfe7ee518cfe2
SHA1 e8bc6ee982c43410b9da80a916c8b42732f646de
SHA256 4376e08248df0c808f45f2635ee80e2ca509d3306ebd39bc5d6bd13af538536b
SHA512 60d7584d32aee2b9be99afebc85bf9bf6c124db3bab713fdcdc7f7cfc74e8fb84b249270d43035852e7c1c55672d12e395972e62b2a4e5f7322e0a63aacd2d6f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQfyjhY\prefs-1.js

MD5 4a816978dbcf4d9e7d9369806ed55d2f
SHA1 f864d34d8edb9fe7f193a952923e60259da11f5a
SHA256 42a0f8df6da87ac85abcc21d21edc04801b386801f8d596424af63015e2886c8
SHA512 3cdb17691b55a96991bfc39f1694dbf562f1521f5eee21e84b8df2879d519d1ecf30d687b1dfb421446f61db74d8ada846b62aa9b83b73dd5770f5b0237b4afc

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-09 01:55

Reported

2024-05-09 02:07

Platform

win10-20240404-en

Max time kernel

299s

Max time network

310s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1380 wrote to memory of 1224 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 1380 wrote to memory of 1224 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 1224 wrote to memory of 196 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 1224 wrote to memory of 196 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 1224 wrote to memory of 200 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 1224 wrote to memory of 200 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 196 wrote to memory of 2504 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 196 wrote to memory of 2504 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 1224 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\geckodriver.exe
PID 1224 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\geckodriver.exe
PID 3908 wrote to memory of 2392 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe
PID 3908 wrote to memory of 2392 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe
PID 2392 wrote to memory of 4680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe
PID 2392 wrote to memory of 4680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe
PID 2392 wrote to memory of 4680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe
PID 2392 wrote to memory of 4680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe
PID 2392 wrote to memory of 4680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe
PID 2392 wrote to memory of 4680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe
PID 2392 wrote to memory of 4680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe
PID 2392 wrote to memory of 4680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe
PID 2392 wrote to memory of 4680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe
PID 2392 wrote to memory of 4680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe
PID 2392 wrote to memory of 4680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe
PID 4680 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe
PID 4680 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe
PID 4680 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe
PID 4680 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe
PID 4680 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe
PID 4680 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe
PID 4680 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe
PID 4680 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe
PID 4680 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe
PID 4680 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe
PID 4680 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe
PID 4680 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe
PID 4680 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe
PID 4680 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe
PID 4680 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe
PID 4680 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe
PID 4680 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe
PID 4680 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe
PID 4680 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe
PID 4680 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe
PID 4680 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe
PID 4680 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe
PID 4680 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe
PID 4680 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe
PID 4680 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe
PID 4680 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe
PID 4680 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe
PID 4680 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe
PID 4680 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe
PID 4680 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe
PID 4680 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe
PID 4680 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe
PID 4680 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe
PID 4680 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe
PID 4680 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe
PID 4680 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe
PID 4680 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe
PID 4680 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe
PID 4680 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe
PID 4680 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe
PID 4680 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI13802\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI13802\geckodriver.exe --port 50047 --websocket-port 50048

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50048 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile6cnmlC

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50048 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile6cnmlC

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe" -contentproc --channel="4680.0.752554029\510038897" -parentBuildID 20240416150000 -prefsHandle 1492 -prefMapHandle 1480 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\browser" - {81f33756-8dde-4bb1-b027-68b78f5cb613} 4680 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe" -contentproc --channel="4680.1.211753846\384336214" -childID 1 -isForBrowser -prefsHandle 2396 -prefMapHandle 2392 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\browser" - {21ed788e-4961-48d3-84a2-a284d9385496} 4680 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe" -contentproc --channel="4680.2.1993439484\1383156113" -childID 2 -isForBrowser -prefsHandle 2940 -prefMapHandle 2936 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\browser" - {1f58abdd-4644-4f5c-aa68-cc59f0f20970} 4680 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe" -contentproc --channel="4680.3.1021315759\2014332544" -childID 3 -isForBrowser -prefsHandle 3036 -prefMapHandle 3024 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\browser" - {836b79ac-c0b9-486c-add8-1e495f0024e8} 4680 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe" -contentproc --channel="4680.4.1118262621\979761320" -childID 4 -isForBrowser -prefsHandle 3580 -prefMapHandle 3244 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\browser" - {e1bdfacf-d969-4626-bb4c-dbfb28f7c013} 4680 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe" -contentproc --channel="4680.5.1699419626\83068488" -childID 5 -isForBrowser -prefsHandle 3732 -prefMapHandle 3736 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\browser" - {04e58b34-79ba-4df6-86a6-38d2787d1cc6} 4680 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe" -contentproc --channel="4680.6.682705344\616444836" -childID 6 -isForBrowser -prefsHandle 3792 -prefMapHandle 3796 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\browser" - {4ffce87e-d01f-4dcc-a45d-085cb11671b0} 4680 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13802\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI13802\geckodriver.exe --port 50047 --websocket-port 50048

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50048 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRpZ2uN

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50048 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRpZ2uN

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe" -contentproc --channel="4540.0.135764832\1983665943" -parentBuildID 20240416150000 -prefsHandle 1488 -prefMapHandle 1464 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\browser" - {108d6f85-3de6-4ed2-a3a9-7d74ea101f7e} 4540 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe" -contentproc --channel="4540.1.1879763273\556368866" -childID 1 -isForBrowser -prefsHandle 2460 -prefMapHandle 2068 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1096 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\browser" - {e1b2d94a-f440-4d6d-96b2-6c66d25dff4b} 4540 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe" -contentproc --channel="4540.2.2018835662\1522719548" -childID 2 -isForBrowser -prefsHandle 3164 -prefMapHandle 2988 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1096 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\browser" - {56930e78-f29b-4728-beb6-c2f5ee9ce464} 4540 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe" -contentproc --channel="4540.3.403960301\1987152580" -childID 3 -isForBrowser -prefsHandle 3400 -prefMapHandle 3376 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1096 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\browser" - {e22258ac-f0de-4bae-9dd1-1df50ee0ccf7} 4540 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe" -contentproc --channel="4540.4.1078153168\639519436" -childID 4 -isForBrowser -prefsHandle 3500 -prefMapHandle 3492 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1096 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\browser" - {9e25d0d3-f575-4707-85af-ac3c1ca1cab4} 4540 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe" -contentproc --channel="4540.5.1201255225\1409153733" -childID 5 -isForBrowser -prefsHandle 3744 -prefMapHandle 3740 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1096 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\browser" - {d27b039e-51e2-48ac-a6c1-3d283437de4a} 4540 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe" -contentproc --channel="4540.6.1338675147\418872279" -childID 6 -isForBrowser -prefsHandle 3908 -prefMapHandle 3912 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1096 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\browser" - {011f7811-ffc6-4e0b-8ef6-4571d2d2e81b} 4540 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13802\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI13802\geckodriver.exe --port 50047 --websocket-port 50048

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50048 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilem3imb1

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50048 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilem3imb1

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe" -contentproc --channel="3700.0.156067204\249918571" -parentBuildID 20240416150000 -prefsHandle 1500 -prefMapHandle 1488 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\browser" - {0d85917f-b9fb-426e-81b7-d6f291458ee1} 3700 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe" -contentproc --channel="3700.1.937866730\290844901" -childID 1 -isForBrowser -prefsHandle 2460 -prefMapHandle 2456 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1064 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\browser" - {dfc4de4a-d936-4cf5-b361-d1523029b5aa} 3700 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe" -contentproc --channel="3700.2.1122229042\526166447" -childID 2 -isForBrowser -prefsHandle 2976 -prefMapHandle 2880 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1064 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\browser" - {f271917e-ba36-42d2-ae04-4199dc6aee1a} 3700 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe" -contentproc --channel="3700.3.1789539709\1962469627" -childID 3 -isForBrowser -prefsHandle 3064 -prefMapHandle 3052 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1064 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\browser" - {17465c1e-36b5-4723-af50-6c6cedeafcde} 3700 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe" -contentproc --channel="3700.4.1140845192\1362184724" -childID 4 -isForBrowser -prefsHandle 3524 -prefMapHandle 3528 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1064 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\browser" - {0005dd1d-f658-4191-bcf7-ff09173cdf69} 3700 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe" -contentproc --channel="3700.5.2080269823\1852079019" -childID 5 -isForBrowser -prefsHandle 3640 -prefMapHandle 3500 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1064 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\browser" - {14e2a8eb-fd3d-48c2-b874-dc0f59a6028e} 3700 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe" -contentproc --channel="3700.6.333084401\1914487309" -childID 6 -isForBrowser -prefsHandle 3832 -prefMapHandle 3836 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1064 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\browser" - {ec5bda19-6d57-49b6-8309-473d3997cf37} 3700 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13802\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI13802\geckodriver.exe --port 50047 --websocket-port 50048

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50048 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8m8amR

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50048 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8m8amR

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe" -contentproc --channel="96.0.1199138056\349893495" -parentBuildID 20240416150000 -prefsHandle 1532 -prefMapHandle 1520 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\browser" - {134b5b93-8cbd-4592-aaaf-7428a2f2c48c} 96 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe" -contentproc --channel="96.1.1446061177\1252473394" -childID 1 -isForBrowser -prefsHandle 2332 -prefMapHandle 2376 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\browser" - {80cf6cb0-5950-4c84-9730-d75c7b0f8967} 96 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe" -contentproc --channel="96.2.673767\1658892953" -childID 2 -isForBrowser -prefsHandle 2976 -prefMapHandle 2972 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\browser" - {cb4d5b69-7709-4dd3-a5ae-fe61ed7fa857} 96 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe" -contentproc --channel="96.3.1269979399\797995084" -childID 3 -isForBrowser -prefsHandle 3524 -prefMapHandle 3540 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\browser" - {6f2d8d18-6ef3-4e3a-9a3e-cf15e9089214} 96 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe" -contentproc --channel="96.4.911632975\1645147963" -childID 4 -isForBrowser -prefsHandle 3384 -prefMapHandle 3268 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\browser" - {6618fb67-7a99-4ee6-b503-722214a55b39} 96 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe" -contentproc --channel="96.5.1159081819\647244294" -childID 5 -isForBrowser -prefsHandle 3712 -prefMapHandle 3716 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\browser" - {02e56b25-d46c-49ef-9491-31f5cc20978c} 96 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe" -contentproc --channel="96.6.1169021866\1186927994" -childID 6 -isForBrowser -prefsHandle 3984 -prefMapHandle 3980 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\browser" - {ab13c0d6-bd12-42e0-bb7e-1c4ae863a7d5} 96 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe" -contentproc --channel="96.7.1323736801\1496187306" -childID 7 -isForBrowser -prefsHandle 4336 -prefMapHandle 4340 -prefsLen 25412 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\browser" - {cd4d1716-eeb7-456a-8426-51060afdfd7b} 96 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13802\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI13802\geckodriver.exe --port 50047 --websocket-port 50048

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50048 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilevgxkwB

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50048 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilevgxkwB

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe" -contentproc --channel="4212.0.989370363\699426807" -parentBuildID 20240416150000 -prefsHandle 1484 -prefMapHandle 1472 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\browser" - {31729ddb-8ce4-4978-9faa-862638f76a15} 4212 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe" -contentproc --channel="4212.1.1111728066\2030956022" -childID 1 -isForBrowser -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1072 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\browser" - {73f12da7-b2a3-476a-a425-ae675f03039f} 4212 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe" -contentproc --channel="4212.2.2054891455\1956232512" -childID 2 -isForBrowser -prefsHandle 2908 -prefMapHandle 2904 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1072 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\browser" - {ea1c8d8c-4974-434f-9107-894595f3d0cb} 4212 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe" -contentproc --channel="4212.3.387794223\456804118" -childID 3 -isForBrowser -prefsHandle 3124 -prefMapHandle 3216 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1072 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\browser" - {fe22729c-8986-44ca-ae13-dfd4bc2edfc8} 4212 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe" -contentproc --channel="4212.4.19338769\567879955" -childID 4 -isForBrowser -prefsHandle 3448 -prefMapHandle 3452 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1072 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\browser" - {530e33cf-aef1-48d9-b738-af1fd68eb695} 4212 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe" -contentproc --channel="4212.5.427224902\38942850" -childID 5 -isForBrowser -prefsHandle 3588 -prefMapHandle 3592 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1072 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\browser" - {2bfd692c-b414-41c3-99e6-ca9726b6cf65} 4212 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe" -contentproc --channel="4212.6.7185970\1476928992" -childID 6 -isForBrowser -prefsHandle 3764 -prefMapHandle 3768 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1072 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\browser" - {ee6f029a-8318-4590-8231-a9ac18c22506} 4212 tab

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe" -contentproc --channel="4212.7.1190130858\350702673" -childID 7 -isForBrowser -prefsHandle 4360 -prefMapHandle 4356 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 1072 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\browser" - {5138c7e3-b713-4eaa-985c-35ced3bd0305} 4212 tab

Network

Country Destination Domain Proto
US 206.217.136.47:443 tcp
US 8.8.8.8:53 47.136.217.206.in-addr.arpa udp
SE 95.215.45.138:443 tcp
DE 185.220.101.204:8443 tcp
FI 37.27.107.216:443 tcp
US 8.8.8.8:53 138.45.215.95.in-addr.arpa udp
US 8.8.8.8:53 204.101.220.185.in-addr.arpa udp
US 8.8.8.8:53 216.107.27.37.in-addr.arpa udp
N/A 127.0.0.1:50150 tcp
N/A 127.0.0.1:50154 tcp
N/A 127.0.0.1:50047 tcp
N/A 127.0.0.1:50047 tcp
N/A 127.0.0.1:50248 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50259 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
N/A 127.0.0.1:50047 tcp
N/A 127.0.0.1:50047 tcp
N/A 127.0.0.1:50047 tcp
N/A 127.0.0.1:50568 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50576 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:50047 tcp
N/A 127.0.0.1:50047 tcp
N/A 127.0.0.1:50047 tcp
N/A 127.0.0.1:50869 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50877 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:50047 tcp
N/A 127.0.0.1:50047 tcp
N/A 127.0.0.1:50047 tcp
N/A 127.0.0.1:51142 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:51150 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50047 tcp
N/A 127.0.0.1:50047 tcp
N/A 127.0.0.1:50047 tcp
N/A 127.0.0.1:51455 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:51463 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI13802\python38.dll

MD5 26ba25d468a778d37f1a24f4514d9814
SHA1 b64fe169690557656ede3ae50d3c5a197fea6013
SHA256 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128
SHA512 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

C:\Users\Admin\AppData\Local\Temp\_MEI13802\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\_MEI13802\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

C:\Users\Admin\AppData\Local\Temp\_MEI13802\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

\Users\Admin\AppData\Local\Temp\_MEI13802\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Local\Temp\_MEI13802\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

\Users\Admin\AppData\Local\Temp\_MEI13802\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

C:\Users\Admin\AppData\Local\Temp\_MEI13802\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

C:\Users\Admin\AppData\Local\Temp\_MEI13802\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

C:\Users\Admin\AppData\Local\Temp\_MEI13802\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

\Users\Admin\AppData\Local\Temp\_MEI13802\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

\Users\Admin\AppData\Local\Temp\_MEI13802\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

\Users\Admin\AppData\Local\Temp\_MEI13802\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

C:\Users\Admin\AppData\Local\Temp\_MEI13802\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

C:\Users\Admin\AppData\Local\Temp\_MEI13802\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI13802\top-1m.csv

MD5 1c5a92b821d1f470d787a9a4e43d7099
SHA1 776efb1a0b58c2c4cfb769244b35836ea0c0b1ad
SHA256 b1c6e67108c77e2e32246a8605c4b396d90c600afccce4859391c0bca889f4de
SHA512 8c66344cef8354139828277da3112d16e2784780045dab7fd2ee0d9891121dcbc717ca108b9e4d40594bc1d274d4ef0f4009dac2f9c953df66b7031861685928

C:\Users\Admin\AppData\Local\Temp\_MEI13802\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI13802\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI13802\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI13802\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI13802\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI13802\geckodriver.exe

MD5 f60c542253cbe94f762e15c7b064b55d
SHA1 7a32f034217266db6d799893edc976e891a82944
SHA256 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa
SHA512 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 47539d0337e97e22a728afc2638d461f
SHA1 d97b37079543b33b9b605c787945f809aed66fd6
SHA256 262e52c5bbaa9bcd2dfcb4cf7da83a1efa95ebd0299f82031ad31a6ab19405a5
SHA512 3810ebe80173d41785a42459fc5c4a8a31e56294f2c03fe99416925a34d242b88023565057201c9b6dcbdb97c8396d8305a723c0e31bb5b560b031b299672d4a

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\tmpteroci1b\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI13802\Tor Browser\Browser\firefox.exe

MD5 65aa9b0f57d72e4d70e9226322221adc
SHA1 85fec174d0977afd8c0100c9d9b53c958e1949bf
SHA256 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410
SHA512 f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 80e882ce8268212cf4db9fbe44f95336
SHA1 85abc152168a20d8db2c6501aa43a97ea72efc8c
SHA256 32c7fa19bdf922f35368bbda1fd91b30fae89f7e8615c8224901e4e3454ee937
SHA512 eb6fc2086c0c5b1e2207c675e49713961246559ade42f65f5e1d51e6139e503eacceaa57542664f7161dc320df0403d90bc85e499aa2d0f09c4a3d4236920cd5

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile6cnmlC\extensions.json

MD5 4848de3a2aa6e7f080cd44d30d22dd81
SHA1 a959c693af50610ac37b3835127f5771f8200166
SHA256 c413622efbf8d44d563da1998c6731a6f14139c94fbc37f927cf9acbee65fbfc
SHA512 f9acde7c3427bb6ea36e9e822cfc79f5a91b1e1d0c840347dc325ad257254400cdf50a30ed068d6d013689b02a5829a236c033e52a2b6ba26bdc7d2414cbc6e0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile6cnmlC\prefs.js

MD5 0365b1040d163c5a26dedef130405f4c
SHA1 35b138424e08396d2fe0453841ad051acadf4d3c
SHA256 64849a5f7f34018597ac1f63bd8da0a2be8873c8fe2fa97c9530cd2680720659
SHA512 e1156402358a12f6f3e5011521f9018eb2db77a525597ceab1037a6cdb4886bc69233562924c62d3fed185b6a3328415da2be630edd4e8516035b701d336d501

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 c8db5c568b07eeb65c7738d8aa440dc9
SHA1 661f0bdfaef06c74860013b10d1874e5bb6d49dd
SHA256 6133470a859a09135a4607325f3a935f57b0927603181ff7e3070867eb316ffb
SHA512 01ab03fa3326f588f4faaf05d82fbe5ee49db6a9afc04a6000f9af54d2e7e78dbd2b6ce8984c011efc2bc0af2f3c2613f1713a37cff77127a0e5747af7add766

memory/4680-590-0x00000156AABE0000-0x00000156AAD50000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile6cnmlC\prefs-1.js

MD5 21e28332035476b211aba4f5a14bf2a4
SHA1 27e5c27eb2beac1b0cf834560504441c4717904e
SHA256 47b15d2dba8e7521aaf97050eb7774421c97e7b75d29bb52cd07feedd9083b4c
SHA512 083fae1a309df00a092063ea899308f34f6c77dba3a44208aa258df253b3d04a722a0b90382ca8b25054fcd904d746c32d858928e357eabef32f213384871fbb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile6cnmlC\prefs-1.js

MD5 22b54e70c3c8b1ec11cde2c72b2e1a4e
SHA1 d7ba65a76c9a7de4d2fb4c8b15cc2e3c75a9fedb
SHA256 4d5451379ea5c523c447d5ceb715126ae7a17409744b4bf59f666374b4896156
SHA512 38f6e86617cc42c6506b13acbc379bdac6fdc639bb5b4a98ffe0dc04f8790a9fd2873b8a793bc2e3c58115646329d0fa4d7a8cdfce7dff6768eb4a99cf202ea5

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRpZ2uN\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRpZ2uN\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

memory/4540-836-0x000001DB9B7E0000-0x000001DB9B7F0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRpZ2uN\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRpZ2uN\startupCache\webext.sc.lz4

MD5 bed56d9376cefaad5cb7e2e0cdd8d0ee
SHA1 8db48867fd99a187e386c593c3129f80468f6d11
SHA256 b8ee38b4dba9a9e02862ae216d5e08ddb82497fd4458c21850e3c496ac7e10d2
SHA512 9b4f2d20dba4fff7202323d3af18bb02f7728446c8c432f4799453c01b0fcc59f3bae63710596468d40f70cd7ece79becec3da858bd72d51c40fa6752b884efd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRpZ2uN\prefs-1.js

MD5 35dfb180bfdf69ce888d603aecbe5bc3
SHA1 277808a47e90e9c6d08dd6e3ffe03b203f34baff
SHA256 b10fc7c46bf30b00a25bfcd8b9e997ed8285c864dbfe38526705b3b75758f9ae
SHA512 14c10b9762fd01835360897deeb27b520426f4248c9b3528c64b9cd94daadf47fc48fe1439fa6ea5cf8f4fdc656d299496f81896d03f05eb8b0335df191200cd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRpZ2uN\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRpZ2uN\prefs-1.js

MD5 22ee8b4c48692ea1f28dc687504700c7
SHA1 2b3b6db5093ce275e68ff9f579ddb3027efd7b75
SHA256 1fc4214991ed0f77e49db219ee76a3037a80d6f2de424c91ae4fa32e97087afa
SHA512 ee597e655e714a5bf6f0e88c93fec8222e62a0ced20cc2b1e356546c39bb9c808f5e908d68f4e121f7d4814d7dd55ce71cf2c1a9072ad21d94acf2a244aa3079

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRpZ2uN\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRpZ2uN\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRpZ2uN\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileRpZ2uN\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilem3imb1\user.js

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/3700-1105-0x0000017341690000-0x00000173416A0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilem3imb1\prefs.js

MD5 4275444150fbd03af06e9e5d7d0a1aaf
SHA1 7b90197889fe7d4823b9f7ed73a4c7ad1847b7b6
SHA256 56c6789aa89ed3d247172c55d6bc4206e9bd3b585130fc04e2f34287f3dde26b
SHA512 aa12f546fd9ce6db4dfc85fb59c8877c4a7d88f9037fad1c7e18360465369e2842d411512001f9a2fc43fe27acf8392cfc67891b879ec49234ebf075a68b25b5

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilem3imb1\sessionCheckpoints.json.tmp

MD5 29ce37dc02c78bbe2e5284d350fae004
SHA1 bab97d5908ea6592aef6b46cee1ded6f34693fa2
SHA256 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693
SHA512 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilem3imb1\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilem3imb1\datareporting\glean\db\data.safe.tmp

MD5 c58234a092f9d899f0a623e28a4ab9db
SHA1 7398261b70453661c8b84df12e2bde7cbc07474b
SHA256 eaec709a98b57cd9c054a205f9bfa76c7424db2845c077822804f31e16ac134c
SHA512 ae2724fc45a8d9d26e43d86bcc7e20f398d8ab4e251e89550087ace1311c4d2571392f2f0bed78da211fcb28766779c1853b80742faa69f722b2c44c283569fd

memory/96-1360-0x000002E51BFE0000-0x000002E51BFF0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8m8amR\prefs-1.js

MD5 755574a43f6ea906ebf94e5df115ba6a
SHA1 fd32e9fc659ae34fe37ea48aad56e01a60d149da
SHA256 1c81c269b1d4e4ae8d00cacca6a52a06a0f70e672035a5f1233fe69ad3d944fa
SHA512 33653f51f1e5ae2e11cf365c389ab82d299b106a8b1533d3f84fe6d6ccff01e301bc1df228130097d9ca558516fac0535406aebcb761188cdcbac4ee2c2669b1

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8m8amR\prefs-1.js

MD5 19c6721a410c9389ffb87f7ceca2553d
SHA1 2b44ccec33a28092dca2ce80226dd64ee8a38e97
SHA256 bbfa348642cac2a6a92615836c2a12d637bede61fe2b6885db8026a903161b8b
SHA512 78ca78d2b457b3dcf3338e5ea2fc9415e26cb551b1b0a793e4ce9e5f2f5557cd54bfb035d2f238694d95057cb18c800004b9b9f421a346390007800a04d89bc5

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilevgxkwB\compatibility.ini

MD5 9f49e8b476c5082f6ef017ace1cb9538
SHA1 4e9eaabfb376cb858eb8993410ec799f144e005a
SHA256 dcb2fe3cb06265c44623d7f1cb51eefd4c5596ed41d6c410dac936dc07fb3892
SHA512 23ec9664be59e4c6485d9ab3f06e11ce1adc5aa677acc023b4f7f766cb0a7f44204126ba39cf5264349eb8e77553d0a648974cd2d24dd286e92a8ed234fc62b1

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilevgxkwB\WebDriverBiDiServer.json

MD5 216124f2269113ca0ecf39f9e803a32f
SHA1 e1a958c8fae3af75d7fe9043d14ca67d374dda40
SHA256 5591b0c8f17240b6f3cb972577356db8cbf62ccf7b97c31311c16f857a575983
SHA512 4c9a3a107b2158ccedced282235c9d0feab0ca73b25d17e2831589cad733351cd3ce7e294e6dcaa8c5b2f3cb24f9a24fb145ae6da2c83783e2f8354ff9c05b33

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilevgxkwB\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 5a0986af90cafeef377b9b22111e1ef0
SHA1 d7827511bc12c0a570d77b6ad8737d384e29f0d2
SHA256 20643b975f59dbd8a2e7f253957a556b38e347fcd8845904ec9519cd1c650f2e
SHA512 126dc7513a44b4b7e92d316cba890f6d68af8fb90b451630f0463b5653a7908b4fa6fe0b74a769764985dbb69d864ff22e7829edacd7030a77d4fb96ff6960b5

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilevgxkwB\prefs-1.js

MD5 6eef22a796fa0d55bea26ed4797786f7
SHA1 2d4d95b78c954e94702d9feffb642e908bcae807
SHA256 11af5209389e4666b9d99d004d55006c4c340ae3add74926dd23970e386b29c9
SHA512 5a63231ab3bb1682f4ae267ae8c3035d6bfb62c927cb9ef708d37d48c8cfd6dc252bf622e4bc07003e3d04367202190f7f8f4d0450acffac02618bfaaa08268c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilevgxkwB\prefs-1.js

MD5 ec6f05009be6e6c3600b53c724f05d5b
SHA1 9842bac1ff74297bda8636c512201077098db6a9
SHA256 b55e9a99fcd93c46c0bfbb1983c894f376fe3f56661bbc7c0edb9dacad374230
SHA512 7b7799da732d9cdf669736802dfd9576f7b58b21463d2378b739d3146b63808d1b4b74f40b247b33a479b4ef48499d89c8f3008dec11deaec5da1138b55b641b