Malware Analysis Report

2025-06-15 20:35

Sample ID 240509-ccgs9acb2s
Target heavy.exe
SHA256 88093c75834d60df3b4b6f4df642bb28dc749f4bd562f587fa8f9e30e97d3c5c
Tags pyinstaller, evasion, trojan
Score 7/10

Analysis Overview

Score 7/10

SHA256 88093c75834d60df3b4b6f4df642bb28dc749f4bd562f587fa8f9e30e97d3c5c

Threat Level: Shows suspicious behavior

The file heavy.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

pyinstaller evasion trojan

Executes dropped EXE

Loads dropped DLL

Checks computer location settings

Checks whether UAC is enabled

Enumerates physical storage devices

Detects Pyinstaller

Unsigned PE

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Checks processor information in registry

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-09 01:57

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-09 01:55

Reported

2024-05-09 02:07

Platform

win10-20240404-en

Max time kernel

301s

Max time network

308s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17682\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1768 wrote to memory of 3320 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 3320 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 3320 wrote to memory of 4604 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 2908 wrote to memory of 2720 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 3320 wrote to memory of 656 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI17682\geckodriver.exe
PID 656 wrote to memory of 684 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17682\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe
PID 684 wrote to memory of 5108 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe
PID 5108 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe
PID 5108 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe
PID 5108 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe
PID 5108 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe
PID 5108 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe
PID 5108 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe
PID 5108 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe
PID 5108 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe
PID 5108 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI17682\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI17682\geckodriver.exe --port 50042 --websocket-port 50043

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50043 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekJuz44

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50043 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekJuz44

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="5108.0.446521384\1347972851" -parentBuildID 20240416150000 -prefsHandle 1480 -prefMapHandle 1456 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {ec439d1d-dc4a-4969-8fe8-cdecf279df9e} 5108 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="5108.1.1931298827\2049998729" -childID 1 -isForBrowser -prefsHandle 2092 -prefMapHandle 2584 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {72dd07de-5c44-4ed1-84ac-e85217d8a498} 5108 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="5108.2.471610062\741100005" -childID 2 -isForBrowser -prefsHandle 2964 -prefMapHandle 2960 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {29685976-527f-4bad-8671-360afc134579} 5108 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="5108.3.974481805\877237391" -childID 3 -isForBrowser -prefsHandle 3136 -prefMapHandle 3164 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {7904bc5f-8aec-4ce5-886c-53ed671f5edb} 5108 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="5108.4.1453444250\2016895169" -childID 4 -isForBrowser -prefsHandle 1348 -prefMapHandle 3388 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {f0b77fc1-df8e-4fa3-95f0-a00dfee14471} 5108 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="5108.5.1852267013\646345614" -childID 5 -isForBrowser -prefsHandle 3768 -prefMapHandle 3772 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {55b012cd-1a8a-4391-855c-6e55918802c8} 5108 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="5108.6.680533416\1857262716" -childID 6 -isForBrowser -prefsHandle 3828 -prefMapHandle 3836 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {652aaf5b-9ecc-4559-aee5-844d1c067487} 5108 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="5108.7.1305128827\1463072536" -childID 7 -isForBrowser -prefsHandle 4264 -prefMapHandle 4268 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {45ece22a-a84c-437c-8508-b03490eba3ee} 5108 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17682\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI17682\geckodriver.exe --port 50042 --websocket-port 50043

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50043 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekphdje

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50043 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekphdje

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="5012.0.863998861\251394694" -parentBuildID 20240416150000 -prefsHandle 1488 -prefMapHandle 1480 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {55cb8a8f-1729-4607-beab-9f58c22ecb50} 5012 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="5012.1.326405812\1534564197" -childID 1 -isForBrowser -prefsHandle 2312 -prefMapHandle 2328 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1144 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {0a11a219-2dce-40e1-9079-cef6b24af669} 5012 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="5012.2.1237659393\1973295669" -childID 2 -isForBrowser -prefsHandle 2700 -prefMapHandle 2820 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1144 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {3aa8a778-a8c5-476e-a462-6c0af7a7e1c0} 5012 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="5012.3.1334899475\1877967637" -childID 3 -isForBrowser -prefsHandle 3460 -prefMapHandle 3456 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1144 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {fc96ef6e-9b34-420b-bfd2-df2fb4b434f8} 5012 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="5012.4.832972846\638802038" -childID 4 -isForBrowser -prefsHandle 3588 -prefMapHandle 3584 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1144 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {8df6b8b4-f96c-4a55-898e-23a69389241a} 5012 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="5012.5.501997285\1825181594" -childID 5 -isForBrowser -prefsHandle 3820 -prefMapHandle 3804 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1144 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {06969942-4979-4954-a4bb-5bb5b02934f7} 5012 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="5012.6.1129365473\1270307742" -childID 6 -isForBrowser -prefsHandle 3876 -prefMapHandle 3880 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1144 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {cd9a1c4b-0b37-4ac8-9601-59e3fba2c2c6} 5012 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17682\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI17682\geckodriver.exe --port 50042 --websocket-port 50043

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50043 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileU9SfiC

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50043 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileU9SfiC

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="4524.0.1613597044\600979560" -parentBuildID 20240416150000 -prefsHandle 1484 -prefMapHandle 1472 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {76fd1561-ffaf-4b7e-8dde-24446c5f5858} 4524 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="4524.1.1857545110\716384053" -childID 1 -isForBrowser -prefsHandle 2240 -prefMapHandle 2340 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {460c5d28-27d2-431b-8634-e3a44d013079} 4524 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="4524.2.1398809148\657085258" -childID 2 -isForBrowser -prefsHandle 2952 -prefMapHandle 2948 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {96ab7dc6-5fa8-429e-96bb-7c99c469eaa5} 4524 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="4524.3.1721184049\1869354989" -childID 3 -isForBrowser -prefsHandle 3376 -prefMapHandle 3380 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {624da79a-9719-4ca7-bbcc-54031c6771a3} 4524 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="4524.4.290336474\1154587896" -childID 4 -isForBrowser -prefsHandle 3636 -prefMapHandle 3632 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {78e78083-93df-4a0e-9a74-5ba731fa909a} 4524 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="4524.5.747684925\2077833963" -childID 5 -isForBrowser -prefsHandle 3752 -prefMapHandle 3748 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {b4bc8caf-61e7-4e9f-8aad-8e46bc329b82} 4524 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="4524.6.855206744\1896349842" -childID 6 -isForBrowser -prefsHandle 3848 -prefMapHandle 3852 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {2ac8f61c-8ef2-4b17-a8dd-ec7fd5406001} 4524 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="4524.7.1368122711\1797434853" -childID 7 -isForBrowser -prefsHandle 4360 -prefMapHandle 4356 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {eb1a430e-dceb-4c3e-8465-8ecf6468b2b1} 4524 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17682\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI17682\geckodriver.exe --port 50042 --websocket-port 50043

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50043 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilef4eqcz

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50043 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilef4eqcz

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="2444.0.1976080341\1679196789" -parentBuildID 20240416150000 -prefsHandle 1480 -prefMapHandle 1472 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {5c16fe53-8d44-464c-aac9-f8d5d7711dd0} 2444 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="2444.1.1960252989\678363137" -childID 1 -isForBrowser -prefsHandle 2388 -prefMapHandle 2204 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1176 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {e4639ae3-fdf1-4402-862f-a2f567aba622} 2444 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="2444.2.422697171\1812498819" -childID 2 -isForBrowser -prefsHandle 2948 -prefMapHandle 2944 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1176 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {5b566240-27d3-43e8-9d67-675969a9da48} 2444 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="2444.3.1608242765\610845119" -childID 3 -isForBrowser -prefsHandle 3224 -prefMapHandle 3228 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1176 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {c8d64a10-f056-479f-b5d6-ad6c8605948d} 2444 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="2444.4.10589162\1716036345" -childID 4 -isForBrowser -prefsHandle 3224 -prefMapHandle 3260 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1176 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {648ba182-f067-4e8a-9e7b-dcbfa86f49b3} 2444 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="2444.5.1057714043\161265722" -childID 5 -isForBrowser -prefsHandle 3500 -prefMapHandle 3540 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1176 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {95d98881-e43e-4977-bb38-35aa434a349d} 2444 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="2444.6.17655839\1537005132" -childID 6 -isForBrowser -prefsHandle 3880 -prefMapHandle 3876 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1176 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {d4b03611-870c-43bb-8992-1a1fcc18107d} 2444 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="2444.7.1461046623\1045057967" -childID 7 -isForBrowser -prefsHandle 4284 -prefMapHandle 3648 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1176 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {5ce847bb-89b5-4dc3-9c21-113ea36074fe} 2444 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17682\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI17682\geckodriver.exe --port 50042 --websocket-port 50043

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50043 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3zcHGK

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50043 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3zcHGK

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="3180.0.515160234\1929448838" -parentBuildID 20240416150000 -prefsHandle 1488 -prefMapHandle 1472 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {6b69ca95-b79f-4dc8-bd73-9f87e3de8715} 3180 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="3180.1.1232819214\369039097" -childID 1 -isForBrowser -prefsHandle 2256 -prefMapHandle 2212 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1120 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {f74a503b-9b82-4910-938b-73b15269ac74} 3180 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="3180.2.808948506\1201348627" -childID 2 -isForBrowser -prefsHandle 2956 -prefMapHandle 2952 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1120 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {b569025c-6ce1-4c2d-be37-4e94d0a6d1d7} 3180 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="3180.3.720592793\1830665916" -childID 3 -isForBrowser -prefsHandle 3288 -prefMapHandle 2988 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1120 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {3830f4d2-2c33-42a0-91fe-6cf8efd628ab} 3180 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="3180.4.1574712953\619440518" -childID 4 -isForBrowser -prefsHandle 3636 -prefMapHandle 3632 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1120 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {cc0945ee-7752-4e90-813c-7dbd80754f98} 3180 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="3180.5.1602455513\1233710657" -childID 5 -isForBrowser -prefsHandle 3840 -prefMapHandle 3836 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1120 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {f88b914d-1010-4904-a1a2-f2a053c4f208} 3180 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="3180.6.1099015747\1637977473" -childID 6 -isForBrowser -prefsHandle 3984 -prefMapHandle 3988 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1120 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {7732cb0e-c8b5-4086-bdb8-a039a8bc562f} 3180 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="3180.7.643540783\1389345271" -childID 7 -isForBrowser -prefsHandle 4312 -prefMapHandle 4316 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1120 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {19e3defa-d1e0-45aa-b4f8-cdafad5959f5} 3180 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17682\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI17682\geckodriver.exe --port 50042 --websocket-port 50043

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50043 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileZIx2bW

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50043 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileZIx2bW

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="3352.0.1253293851\1060185116" -parentBuildID 20240416150000 -prefsHandle 1488 -prefMapHandle 1464 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {0ce6a4e2-dcea-4baf-b2f0-c46a876dfb1f} 3352 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="3352.1.1998782002\1939200478" -childID 1 -isForBrowser -prefsHandle 2260 -prefMapHandle 2276 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1108 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {d1200ff0-cd3d-4452-b7a5-c350b6d6828b} 3352 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="3352.2.1285489507\966513227" -childID 2 -isForBrowser -prefsHandle 3076 -prefMapHandle 3080 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1108 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {64088f89-966e-448a-9cd7-e94d5ae3de24} 3352 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="3352.3.468794430\1292096625" -childID 3 -isForBrowser -prefsHandle 3100 -prefMapHandle 3232 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1108 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {0c95b1c0-f2df-45c9-abae-27d2edf48154} 3352 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="3352.4.78070381\113700742" -childID 4 -isForBrowser -prefsHandle 1372 -prefMapHandle 1368 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1108 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {0c004af5-2ab2-482e-8826-8c9609b3c332} 3352 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="3352.5.1128539870\1638345079" -childID 5 -isForBrowser -prefsHandle 1360 -prefMapHandle 1356 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1108 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {69f0777e-627c-4b81-a122-24662d4311a4} 3352 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="3352.6.47156952\1703797488" -childID 6 -isForBrowser -prefsHandle 3876 -prefMapHandle 3880 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1108 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {4373a6b5-e4e7-4b2e-8cd8-6f39077ed421} 3352 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="3352.7.1969682216\523267296" -childID 7 -isForBrowser -prefsHandle 4380 -prefMapHandle 4368 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1108 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {a5a2cf98-a21d-4cb0-94be-14c8fd74cab3} 3352 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="3352.8.1029248805\507119669" -childID 8 -isForBrowser -prefsHandle 4216 -prefMapHandle 4220 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1108 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {ce70d3dc-428d-4ada-af54-ca2438637f55} 3352 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17682\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI17682\geckodriver.exe --port 50042 --websocket-port 50043

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50043 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9nKKDv

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50043 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9nKKDv

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="4128.0.1565631540\1873159405" -parentBuildID 20240416150000 -prefsHandle 1488 -prefMapHandle 1464 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {9f5088d1-8d21-4729-b079-eebb472ba07f} 4128 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="4128.1.362140609\983515894" -childID 1 -isForBrowser -prefsHandle 2200 -prefMapHandle 2080 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1120 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {a175c0fc-c721-4848-864b-9f2ea2d67e87} 4128 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="4128.2.1794599883\1143380658" -childID 2 -isForBrowser -prefsHandle 2952 -prefMapHandle 2948 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1120 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {54c0f071-a306-44fa-a686-e3d4fce807f7} 4128 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="4128.3.1792348056\146022304" -childID 3 -isForBrowser -prefsHandle 2968 -prefMapHandle 3404 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1120 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {1d5161d3-56bf-483d-9819-2aaa25eb9630} 4128 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="4128.4.517735029\845788231" -childID 4 -isForBrowser -prefsHandle 1364 -prefMapHandle 1360 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1120 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {f686ebe6-1fff-4937-98c7-7ec1ab3f2e04} 4128 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="4128.5.74363028\2021719317" -childID 5 -isForBrowser -prefsHandle 3044 -prefMapHandle 3544 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1120 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {79f302e4-3ac4-4ff4-8883-04b0aff9e34c} 4128 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="4128.6.1148650835\609764317" -childID 6 -isForBrowser -prefsHandle 4088 -prefMapHandle 4092 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1120 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {7e3bfc4f-2756-42a4-bc72-58f0b6735a64} 4128 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\firefox.exe" -contentproc --channel="4128.7.1800154060\1607909990" -childID 7 -isForBrowser -prefsHandle 3964 -prefMapHandle 1360 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1120 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17682\Tor Browser\Browser\browser" - {ca18f815-867f-423e-8e36-9f193a6349e4} 4128 tab

Network


Files


C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekJuz44\extensions.json

MD5 f3f89d85461f1ef9060bffafcb62a40b
SHA1 6eeaf2aa374bd3a3090262725d828c27763d3806
SHA256 ce55be5f1c39e6bbd5dfbfb7e91a638c9ac65e23211c7e7ac6473ced82d682b4
SHA512 53a8e64075273cfade846e2e6dd3c9aa9144ea8d2a99ab0e0d2f6dc043f2f0bb379607ee3b6c66de6dbb780cd79ee535f36eab2396b2dc891b9fcb6098a94412

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 5f9be6b584bc3d9efc1491e71e1cc0e0
SHA1 80b14aa244578f2857f128411962adac06527b00
SHA256 8147f1949f6ddc5c9a4bc359969118b9cb2ba2fb6631625eb97eb01112ba5a5d
SHA512 25f37a2ba795ef3e030476f73f08358bc995a3e0bf4c56ceaa5b6b9fa7bc348813480bb7298e08120955581d2989496e362f831d0e3fa09843b50bb6ae4323cd

memory/5108-575-0x000002656D4E0000-0x000002656D650000-memory.dmp

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 c11f0dc145da56001a2ace3818bcc816
SHA1 7c93c37ecc25088b6b724d135b85eb4df843ace6
SHA256 1b87653d1ccffeafa890ea36f2e30831321bd044c91403a41556e0c0ffa81f5c
SHA512 c9bd24e210974fd4971817f28dac5a8a8927e8ec4f51bde22a786da66bc2ab533e2b0a6f24da879ed2f2c5ffeeff1b2b905746235b74eaa933f69c3d1b5d61ae

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekJuz44\prefs-1.js

MD5 1b15ac9bc2e935d6d5289258a05c7ebe
SHA1 179cd1a0be55bbbe1f74b3175f18f52658eec10d
SHA256 3b0dee5f1aa015eccf56cf2ba0899662d76fc4b37c2624270747f6132f9c1cd8
SHA512 25a4f9b7b0795ba9c4469caac7dd41d1b801575835da19d1dc68d3b8e964cdb4ca2ca4c35f1ab1c22728010ae506a23a8fa374cbb655cdcc70000f793e925379

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekJuz44\prefs-1.js

MD5 1f821a9ce01a4693fbec5510f232a3f6
SHA1 734a4117133a354d9bc457a896ed241d6f0c246f
SHA256 bf935b63a370391ccf399adb4efb73847447690849b53488ad5b85ad2c791d11
SHA512 33cf5ce757d8273e63e3daeb33cb4d4ffa4935fc588c2f8a61b01ce954bcbb8bb9983095ba12ecba25a474ab2c93f024ff78293b0c4c090f6a5d3e6ba075a551

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekphdje\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekphdje\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

memory/5012-838-0x00000292C83D0000-0x00000292C83E0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekphdje\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekphdje\startupCache\webext.sc.lz4

MD5 2de7cb20e9d3f41175278fc48b61fea6
SHA1 8d99273629e1691b1878b54c9fe843c3456dfc3c
SHA256 49a3cb75e3cbdfe0c1fad8b78c7037d5916b9ef0215d7cfc5fbfdc698d0c721d
SHA512 0ddb204e739f45a977f90987546f951053bdfcefc65e09ec076a78513716dd56ca48d4bcba0e9dc792efee1f2a89aefa90bd12b6efb370af95d8b4d42d2031ca

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekphdje\prefs-1.js

MD5 70ae42789ca2c1ef94d31e6d9ddfd9d2
SHA1 63478eb18e516580e9f092b66566625d8419dc14
SHA256 50f603db5180e5e9ff8532e1be7c02362f43300e148754bc35ac0c9f4a2b7b1f
SHA512 572720de408c8df2c421643c55e44084954083fbbd615f6c27d29c3d19b55b163e483fedec318779e58981af69db2fafee10980fd4faccd3be5bfe0606c25d6d

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekphdje\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekphdje\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekphdje\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekphdje\sessionCheckpoints.json.tmp

MD5 29ce37dc02c78bbe2e5284d350fae004
SHA1 bab97d5908ea6592aef6b46cee1ded6f34693fa2
SHA256 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693
SHA512 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekphdje\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilekphdje\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileU9SfiC\user.js

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileU9SfiC\datareporting\glean\db\data.safe.tmp

MD5 7d3d11283370585b060d50a12715851a
SHA1 3a05d9b7daa2d377d95e7a5f3e8e7a8f705938e3
SHA256 86bff840e1bec67b7c91f97f4d37e3a638c5fdc7b56aae210b01745f292347b9
SHA512 a185a956e7105ad5a903d5d0e780df9421cf7b84ef1f83f7e9f3ab81bf683b440f23e55df4bbd52d60e89af467b5fc949bf1faa7810c523b98c7c2361fde010e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileU9SfiC\datareporting\glean\db\data.safe.tmp

MD5 63b1bb87284efe954e1c3ae390e7ee44
SHA1 75b297779e1e2a8009276dd8df4507eb57e4e179
SHA256 b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a
SHA512 f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileU9SfiC\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileU9SfiC\prefs-1.js

MD5 f17e45f43420089dee5dfe5973fc427f
SHA1 560ada3b2ea07deb30a2f199797bade4eebfb790
SHA256 cb70db1f3a8e159acfaa01db5d947474cd1cd495ca577cd7418c82f3650a501f
SHA512 2adee6316e9b134a41ccb5636bca527c71e7b44b346439c1e2ccbc4d8bb6e6f66dd53ac57f715cad33c53a3f49b1fa45912df7a868714d94716853da769ac56c

memory/2444-1342-0x00000223F1070000-0x00000223F1080000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilef4eqcz\prefs.js

MD5 d5fdc3c867ab55beb53f2ee592033a6a
SHA1 b7cfd5056f4649110650c5ae8ee1634813366d48
SHA256 ee1a04ad12315f02cef01067bb42377be6b33aa885928c8b0157daae2e8ea45e
SHA512 61572cc33b2b46f44b371594656a3285d119647d31af867969e30bfe047ccb78b42ff512236c6ec2ca5dde32d35df449a853f418e97630ea696099ff5af238a0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilef4eqcz\prefs.js

MD5 feaa99475e25137d42bd7f1b59963e51
SHA1 bba267259f69d9828bca0db7e7e03e273edd41d3
SHA256 a1b8622546d4e2874887cfd36d78727982fe4d1bec6b9525c6ebf04dfd34ee02
SHA512 9835233c7233c36f618b8566c6f29eb0953eda34b159ba9b52bfbb72e24353a6a411c4fba7dfc69f1d8cf88fbb489a0a3fb2c4dde681c44723654cba8764b785

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilef4eqcz\prefs-1.js

MD5 4a12a5723d11c217b555b661c8d48d93
SHA1 a9354356dfb8115a70d46d305ef530cd2c192e1a
SHA256 074e6008d9d55bc2d4c55f094ca714512b5914bd75098561dde607bcf4ef2647
SHA512 0eed867721ff1239ea43046585b799a7237af17723980514a23914f2ee3f0f2afbfa59d834ae8d98205364b7aab399f08129e1c16f43e41729b3467123bb3bed

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilef4eqcz\prefs-1.js

MD5 4d514a73e4bb7377779cda0ab4912ad2
SHA1 fdb3928688bb55701fb7e54ebc08d5c452d9b66f
SHA256 674b2ace0bfd9433e9212bd5ee67a8a34e3ba8ad25bad96df7b8b017e05761a3
SHA512 b5242f7418f2c76ed4cc4988cbb5655346427a522ca3f5778c996c9d245f8a704882d6be50b0b98b1d3d9910a65007755b0d7beb5af3126affd5a3c63ede0061

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3zcHGK\compatibility.ini

MD5 33b6d3a4a38677a8dc28756823d328ab
SHA1 557e8f4f74e4bab46368b36873c534709491614a
SHA256 8e01c0d78ae1473d5be2b707a5783bd920cd786f5cfd81d1e82da4c622e9acf5
SHA512 5b603a7fcba741b1a38f22a44926fd87deb015a2d0a433bdbb7fa67e7e92ae640db43dae7655a32809b23f54d68bbec83ed55adc2bb3ba95d6f178b70f83dd88

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3zcHGK\WebDriverBiDiServer.json

MD5 9a67ae82d235120f39c697257eadfebf
SHA1 a82d5409dbda1f3c5d69b7d2c298c0f4a2afb34f
SHA256 2f18d89da280aa8b6b54c71f381d916d2b0737030bf45e4dcaea1fea553bf325
SHA512 eb3657be34dc5297986b65283b1610a663834b394e84798f7090a4cc81da9aee0fc6016dceda7da9cffd820d80b6bd2ba9d13683ec983e8325ef4786fbb03506

memory/3180-1634-0x0000026322AD0000-0x0000026322AE0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3zcHGK\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 7688856f4b607076ae8f844b0d2aa417
SHA1 f4a6224c857851a8f221af144a1b39f23bc59b88
SHA256 5d3a1a97d040633ead3a07ff6cd706093b032796086f39b47c644131778d311c
SHA512 96a77d69e135760c4c2672e7a0610e4ddab773b3847af4a68ce91130306c61b71a6a925ac1d24289ab878761467a35c10169dca8f836be43fd0d2bb21d881e84

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3zcHGK\prefs-1.js

MD5 63a7174ac2bdce8c818c499916bffe39
SHA1 82f2d0daa2e55e224f80bb736ee03766873dd0aa
SHA256 81c1337e2febec8d493dc216fac6e8b3805685c401ad2236f35c777b95baadb1
SHA512 816b9048d0fb0364802940d5d43099ce0e0d7cad2d5efae659da008fcca5429cc527fcea1644c6bf06f2f89aa92144e9051fdd921b745c8975d659c3e21858c6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3zcHGK\prefs-1.js

MD5 62c461784601c0547ccd390134a3e5a2
SHA1 ee32805613300e40bcfdc8d7228723e1923f9a86
SHA256 e2b60be1c5df2bf6b662b00643bbd05e24210dad9b8888c91e063b2cce5f817f
SHA512 3cab68b9396a166dd7ee1bcfd9d6a95e180c5194a88277daba28efeebbd58f7c915801531a646899f51a7b9fcb52ed8ce88eb06a0deee7ea54187bbb98694cd4

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3zcHGK\storage-sync-v2.sqlite

MD5 bff4d6361e4126d963ab7dffdc7550ce
SHA1 e2660c2f00b0aef4a81972c6a6093935d5aa40d5
SHA256 ad0828e5ff9d4188151772cd9af85827a431d122901486590c5734b62b4af2d2
SHA512 8d967c085d343d50a76cf14e88ed2fb742a7195034ddbaacd57d2c47abf0218a5f6878528a8f37c8f3b61496f61b5e254d205003af87a3cf156ba12ea59f65bc

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3zcHGK\content-prefs.sqlite

MD5 b15425d1f21f5708184e35493e63c8a1
SHA1 e944c1fdf56a3f6a5150b77980e89d48c7b57be2
SHA256 7a9012d1846763fe9dcb059035972a023ec29f2b9c03f865f0a6f6df6ef2a6c0
SHA512 6b54e30e0a060261bdac98ef818d1053fbabf0d6b8a17efc729942729ed6e6dddb29063b079ddb1dcd1b4edfc85a0311cf821b4b3291372c834a00733456423f

memory/3352-1906-0x0000021F4A800000-0x0000021F4A810000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileZIx2bW\prefs-1.js

MD5 ec7dbe367122b3e2cf37ef00fa0d7d99
SHA1 591f692e015d7f263ab72ea58fb04c790e6dcc88
SHA256 b000353ad6a94228080c4982a89f26caea8932a12b105f26961b80640c8fb2e5
SHA512 b5fe520714a64df1dabd50290d8f470fbc42f1fb1aeee571e20b9e6fa937ca6d99815fa44e2a6e8b0ea5a97e06dd2be4493c1095d8f4de373d9170c731b03903

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileZIx2bW\prefs-1.js

MD5 c5eea960b444c86d62c33c90bc453d31
SHA1 5b88fe31b3e2ecd7bd796421400b0d4dff49a04c
SHA256 d21484b24541b17a896c66ae3f0b76227b372e544a0612c2d6c626f3faf8cd80
SHA512 74579d02ca71dbc86aad6f2bbc7631ca17bf381075d145e08eb4655b7701ef91aee221a927f4739849e82294d2c5672ea2ca8cfc36859a0181396dde61fe0960

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileZIx2bW\prefs-1.js

MD5 09523c35c90f534d8fd8c2e39f5785ca
SHA1 abe274103904710029b8a92378ecde04d755a2c4
SHA256 bcd316d3516ea0c516891714bdd7cd6061251d4899094865d8bcadc53fcedbd7
SHA512 3b1b04e91acb2b9e951bfd1ba51cce8120acc9fb1b66ecd9392128c1082b094da4c8a5b5b7ca961f993bd1a68d6afc8bd7dbcbc0b32ba65d0b321bc053dbaac5

memory/4128-2194-0x000001F6B66F0000-0x000001F6B6700000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-09 01:55

Reported

2024-05-09 02:07

Platform

win7-20240508-en

Max time kernel

298s

Max time network

306s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21962\geckodriver.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21962\geckodriver.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2196 wrote to memory of 2104 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 2104 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 2104 wrote to memory of 1124 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 2444 wrote to memory of 1672 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 2104 wrote to memory of 2084 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI21962\geckodriver.exe
PID 2084 wrote to memory of 2712 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21962\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe
PID 2712 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe
PID 2652 wrote to memory of 284 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI21962\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI21962\geckodriver.exe --port 49467 --websocket-port 49468

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKq4gk6

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKq4gk6

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2652.0.716967490\607485300" -parentBuildID 20240416150000 -prefsHandle 1236 -prefMapHandle 1208 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\browser" - {9c2abc61-1894-4ba9-8f15-efa18a353f8d} 2652 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2652.1.2017806138\34600518" -childID 1 -isForBrowser -prefsHandle 2192 -prefMapHandle 2188 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 820 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\browser" - {7944d663-ca73-41fb-957c-c51573831c1c} 2652 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2652.2.1511817910\856280387" -childID 2 -isForBrowser -prefsHandle 1968 -prefMapHandle 1948 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 820 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\browser" - {0c135542-0e0e-4869-a337-c607ee0d6772} 2652 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2652.3.1705431039\406378735" -childID 3 -isForBrowser -prefsHandle 2612 -prefMapHandle 2608 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 820 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\browser" - {df62ce08-336f-43b8-90f3-7e267199cd61} 2652 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2652.4.1520121935\24046881" -childID 4 -isForBrowser -prefsHandle 2652 -prefMapHandle 2644 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 820 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\browser" - {cecc28cb-bedc-45a1-89ab-c522ec7f0e9d} 2652 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2652.5.2013399404\1077336642" -childID 5 -isForBrowser -prefsHandle 2952 -prefMapHandle 2956 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 820 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\browser" - {04c5d39b-e59a-4c51-a4ca-ac8a1c1fcde1} 2652 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2652.6.503910775\319232042" -childID 6 -isForBrowser -prefsHandle 3116 -prefMapHandle 3120 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 820 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\browser" - {5db4d25c-e2d0-4730-8ab6-c1707029a93f} 2652 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2652.7.1831790878\1022326159" -childID 7 -isForBrowser -prefsHandle 3184 -prefMapHandle 3444 -prefsLen 25412 -prefMapSize 245849 -jsInitHandle 820 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\browser" - {3ad03488-908a-44eb-a44a-d81f1999b4a9} 2652 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2652.8.391645109\99791521" -childID 8 -isForBrowser -prefsHandle 3024 -prefMapHandle 2872 -prefsLen 25456 -prefMapSize 245849 -jsInitHandle 820 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\browser" - {2672bbac-ab1e-468b-aa88-fd1f595f13df} 2652 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21962\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI21962\geckodriver.exe --port 49467 --websocket-port 49468

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenAGR03

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenAGR03

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" -contentproc --channel="1600.0.1391340828\1277189654" -parentBuildID 20240416150000 -prefsHandle 1196 -prefMapHandle 1188 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\browser" - {ef515c17-d2fc-4d9f-9796-1e4e715ec43e} 1600 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" -contentproc --channel="1600.1.1139086892\1326825800" -childID 1 -isForBrowser -prefsHandle 2184 -prefMapHandle 2168 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 584 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\browser" - {25fc43f3-b727-48cd-9c29-1fbb14cb91fe} 1600 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" -contentproc --channel="1600.2.380580247\285133514" -childID 2 -isForBrowser -prefsHandle 1728 -prefMapHandle 1852 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 584 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\browser" - {978d4f66-f1db-40f8-88e8-1f67ef5abbf9} 1600 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" -contentproc --channel="1600.3.971679126\2008882774" -childID 3 -isForBrowser -prefsHandle 2460 -prefMapHandle 2496 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 584 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\browser" - {128e89eb-dc17-43a3-859f-8f064ce70049} 1600 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" -contentproc --channel="1600.4.174900299\1112212145" -childID 4 -isForBrowser -prefsHandle 2824 -prefMapHandle 2828 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 584 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\browser" - {1fde9c16-8a56-40d8-8261-3dcc1f2fca40} 1600 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" -contentproc --channel="1600.5.421419118\255485257" -childID 5 -isForBrowser -prefsHandle 2900 -prefMapHandle 2904 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 584 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\browser" - {ea6d79f3-d3c9-4ed4-8296-2e01fe8ff2ae} 1600 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" -contentproc --channel="1600.6.554899586\1881294212" -childID 6 -isForBrowser -prefsHandle 3056 -prefMapHandle 3060 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 584 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\browser" - {5e42dcda-ac26-418a-ae2a-9763f48a1b1c} 1600 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" -contentproc --channel="1600.7.1205229018\1574759289" -childID 7 -isForBrowser -prefsHandle 2956 -prefMapHandle 2900 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 584 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\browser" - {8911559f-4240-403e-af7d-472499ca830a} 1600 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21962\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI21962\geckodriver.exe --port 49467 --websocket-port 49468

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebm58Nk

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebm58Nk

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2256.0.296583712\134856658" -parentBuildID 20240416150000 -prefsHandle 1212 -prefMapHandle 1204 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\browser" - {32ff56e2-e82a-45bf-80d3-cda684ca5c1e} 2256 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2256.1.1308344440\2064188339" -childID 1 -isForBrowser -prefsHandle 2148 -prefMapHandle 548 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 820 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\browser" - {729c6211-d5e3-4ab1-a84d-f66781e35458} 2256 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2256.2.293608281\1550849147" -childID 2 -isForBrowser -prefsHandle 2156 -prefMapHandle 2076 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 820 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\browser" - {ffc02854-2b35-460a-b3aa-e286594cb57d} 2256 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2256.3.1682834018\1379249533" -childID 3 -isForBrowser -prefsHandle 2620 -prefMapHandle 2616 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 820 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\browser" - {38cb0e58-97c9-4e3d-a2a8-00109cd2faa2} 2256 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2256.4.2123214137\2058730536" -childID 4 -isForBrowser -prefsHandle 2820 -prefMapHandle 2824 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 820 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\browser" - {704a30fc-ae44-4b3f-b015-1c2dd94f58f4} 2256 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2256.5.258225551\1707285803" -childID 5 -isForBrowser -prefsHandle 2944 -prefMapHandle 2948 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 820 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\browser" - {6d2dd011-282c-48a2-b947-fe6a3a2b2da9} 2256 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2256.6.647178605\786020241" -childID 6 -isForBrowser -prefsHandle 3024 -prefMapHandle 3028 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 820 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\browser" - {5f672ccd-2d53-4808-b4e5-c2bc28bdbb83} 2256 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2256.7.1534567201\535805008" -childID 7 -isForBrowser -prefsHandle 1696 -prefMapHandle 3268 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 820 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\browser" - {1dd3f46d-5fc1-4cd6-a8d3-87cc32e11d5c} 2256 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21962\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI21962\geckodriver.exe --port 49467 --websocket-port 49468

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuMA8iZ

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuMA8iZ

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2808.0.1419526178\720249747" -parentBuildID 20240416150000 -prefsHandle 1244 -prefMapHandle 1236 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\browser" - {fa4577ed-6f2a-46d8-82c6-7871a0cb1001} 2808 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2808.1.915909027\639524401" -childID 1 -isForBrowser -prefsHandle 2032 -prefMapHandle 1576 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 584 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\browser" - {a69c07e4-a756-44e9-a14b-5e4babebe780} 2808 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2808.2.66513998\920346755" -childID 2 -isForBrowser -prefsHandle 2312 -prefMapHandle 2316 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 584 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\browser" - {5a425abb-952e-41c2-9e20-8c7439823f9b} 2808 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2808.3.293933115\157580302" -childID 3 -isForBrowser -prefsHandle 2792 -prefMapHandle 2796 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 584 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\browser" - {d617ebe2-13a8-40ca-814c-c00ddbea8af6} 2808 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2808.4.94527655\1740569973" -childID 4 -isForBrowser -prefsHandle 2384 -prefMapHandle 2376 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 584 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\browser" - {a5ca255b-5995-4ed7-b0c3-55baa8aff45d} 2808 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2808.5.1702634736\2047266293" -childID 5 -isForBrowser -prefsHandle 2864 -prefMapHandle 2868 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 584 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\browser" - {6ee25fe1-d4d8-4e60-a54a-b60aa452e369} 2808 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2808.6.2133086680\1484643483" -childID 6 -isForBrowser -prefsHandle 3036 -prefMapHandle 3040 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 584 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\browser" - {4a0fdf6d-70d7-42d9-ac9f-3e5fc655b0ed} 2808 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2808.7.1968082612\567107295" -childID 7 -isForBrowser -prefsHandle 3372 -prefMapHandle 2800 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 584 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\browser" - {a8d6f2e6-22f6-48bc-82c3-e79588741775} 2808 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21962\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI21962\geckodriver.exe --port 49467 --websocket-port 49468

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileK2oIqO

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileK2oIqO

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" -contentproc --channel="576.0.897377604\185692122" -parentBuildID 20240416150000 -prefsHandle 1212 -prefMapHandle 1204 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\browser" - {0fccca08-60e3-468d-8f5e-70fb4f226ec7} 576 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" -contentproc --channel="576.1.553940754\1602223209" -childID 1 -isForBrowser -prefsHandle 1944 -prefMapHandle 592 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 860 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\browser" - {d0a47428-d3d9-4590-937e-724492a1bccf} 576 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" -contentproc --channel="576.2.1313857204\486245500" -childID 2 -isForBrowser -prefsHandle 2108 -prefMapHandle 2180 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 860 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\browser" - {05763e40-00c5-44e2-a44f-9e8856344db9} 576 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" -contentproc --channel="576.3.1452164388\1725989363" -childID 3 -isForBrowser -prefsHandle 2408 -prefMapHandle 2280 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 860 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\browser" - {2ab12890-0066-47ed-8a37-55fbd9245999} 576 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" -contentproc --channel="576.4.739078980\1799441099" -childID 4 -isForBrowser -prefsHandle 1076 -prefMapHandle 1072 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 860 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\browser" - {80947c67-49f9-4090-b62b-6a138712131c} 576 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" -contentproc --channel="576.5.225719077\1334700485" -childID 5 -isForBrowser -prefsHandle 2892 -prefMapHandle 2896 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 860 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\browser" - {07e9c1ab-ca93-41c5-bd72-939426befc31} 576 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" -contentproc --channel="576.6.1862705561\122803799" -childID 6 -isForBrowser -prefsHandle 3048 -prefMapHandle 3052 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 860 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\browser" - {1a6861ce-917c-4890-8ae5-ff41934e40a4} 576 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" -contentproc --channel="576.7.768426784\358521012" -childID 7 -isForBrowser -prefsHandle 3428 -prefMapHandle 3228 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 860 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\browser" - {da5910e6-be1d-4f53-9495-38181a4768fd} 576 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21962\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI21962\geckodriver.exe --port 49467 --websocket-port 49468

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMugQGN

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMugQGN

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" -contentproc --channel="780.0.1442671427\1605662679" -parentBuildID 20240416150000 -prefsHandle 1236 -prefMapHandle 1216 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\browser" - {0bc71b9d-c2da-4fcf-817e-51001a295d4a} 780 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" -contentproc --channel="780.1.332789538\1045341708" -childID 1 -isForBrowser -prefsHandle 1868 -prefMapHandle 1920 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 576 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\browser" - {b40ad7fd-1f76-40e0-a0d3-a1478c8aadde} 780 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" -contentproc --channel="780.2.1164152384\1452830009" -childID 2 -isForBrowser -prefsHandle 2276 -prefMapHandle 2280 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 576 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\browser" - {6a7786c3-1118-4829-9287-241b62b988ba} 780 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" -contentproc --channel="780.3.1173167282\999423557" -childID 3 -isForBrowser -prefsHandle 2700 -prefMapHandle 2660 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 576 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\browser" - {8a044e50-b856-4418-aaf0-ec8def6337ac} 780 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" -contentproc --channel="780.4.1346789552\1406904189" -childID 4 -isForBrowser -prefsHandle 2276 -prefMapHandle 2428 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 576 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\browser" - {b9c6c793-0737-434c-a2d8-e655aa85c611} 780 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" -contentproc --channel="780.5.752449919\1452472908" -childID 5 -isForBrowser -prefsHandle 2732 -prefMapHandle 2952 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 576 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\browser" - {9c160d13-912d-464a-993b-57543b943078} 780 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" -contentproc --channel="780.6.84030248\1505385732" -childID 6 -isForBrowser -prefsHandle 3068 -prefMapHandle 3076 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 576 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\browser" - {63c6511e-cf5d-460c-8bf6-169da6d990a3} 780 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" -contentproc --channel="780.7.1290633699\586379625" -childID 7 -isForBrowser -prefsHandle 3320 -prefMapHandle 3316 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 576 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\browser" - {a9daa28b-b726-4193-9841-30ce7525fdd5} 780 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" -contentproc --channel="780.8.1645881863\1847284041" -childID 8 -isForBrowser -prefsHandle 3624 -prefMapHandle 2808 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 576 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\browser" - {6c010b28-8c20-4415-9a3d-c5a1a9af2351} 780 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\firefox.exe" -contentproc --channel="780.9.356201078\1200249086" -childID 9 -isForBrowser -prefsHandle 7372 -prefMapHandle 7376 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 576 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\browser" - {d6300801-006f-4a10-b75b-79a35920fa8a} 780 tab

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Temp\_MEI21962\python38.dll

C:\Users\Admin\AppData\Local\Temp\_MEI21962\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI21962\base_library.zip

\Users\Admin\AppData\Local\Temp\_MEI21962\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI21962\nss3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI21962\mozglue.dll

C:\Users\Admin\AppData\Local\Temp\_MEI21962\mozavutil.dll

C:\Users\Admin\AppData\Local\Temp\_MEI21962\libssl-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI21962\libcrypto-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI21962\lgpllibs.dll

C:\Users\Admin\AppData\Local\Temp\_MEI21962\geckodriver.exe

\Users\Admin\AppData\Local\Temp\_MEI21962\_lzma.pyd

\Users\Admin\AppData\Local\Temp\_MEI21962\_bz2.pyd

\Users\Admin\AppData\Local\Temp\_MEI21962\libffi-7.dll

\Users\Admin\AppData\Local\Temp\_MEI21962\_socket.pyd

\Users\Admin\AppData\Local\Temp\_MEI21962\_hashlib.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI21962\_ssl.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI21962\_queue.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI21962\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI21962\top-1m.csv

C:\Users\Admin\AppData\Local\Temp\_MEI21962\select.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI21962\pyexpat.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\TorBrowser\Tor\tor.exe

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

C:\Users\Admin\AppData\Local\Temp\tmpekecm8hs\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI21962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKq4gk6\extensions.json

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKq4gk6\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKq4gk6\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenAGR03\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenAGR03\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenAGR03\extension-preferences.json

memory/1600-1232-0x000000000A710000-0x000000000A720000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenAGR03\startupCache\webext.sc.lz4

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenAGR03\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenAGR03\broadcast-listeners.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenAGR03\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenAGR03\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenAGR03\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenAGR03\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenAGR03\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenAGR03\prefs.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilenAGR03\xulstore.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebm58Nk\user.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebm58Nk\prefs-1.js

memory/2256-1733-0x00000000034C0000-0x00000000034D0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebm58Nk\startupCache\scriptCache-child-new.bin

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebm58Nk\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuMA8iZ\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuMA8iZ\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuMA8iZ\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuMA8iZ\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileuMA8iZ\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileK2oIqO\compatibility.ini

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileK2oIqO\WebDriverBiDiServer.json

memory/576-2655-0x0000000007540000-0x0000000007550000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileK2oIqO\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileK2oIqO\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileK2oIqO\storage-sync-v2.sqlite

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileK2oIqO\content-prefs.sqlite

memory/780-3164-0x000000000AFF0000-0x000000000B000000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMugQGN\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMugQGN\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileMugQGN\prefs-1.js

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-09 01:55

Reported

2024-05-09 02:07

Platform

win10-20240404-en

Max time kernel

293s

Max time network

309s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21922\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2192 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 2776 wrote to memory of 428 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 2776 wrote to memory of 4280 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 428 wrote to memory of 748 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 2776 wrote to memory of 1256 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI21922\geckodriver.exe
PID 1256 wrote to memory of 4964 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21922\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe
PID 4964 wrote to memory of 600 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe
PID 600 wrote to memory of 1184 N/A C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI21922\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI21922\geckodriver.exe --port 50037 --websocket-port 50038

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50038 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecJxtrc

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50038 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecJxtrc

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe" -contentproc --channel="600.0.784597735\1485685801" -parentBuildID 20240416150000 -prefsHandle 1464 -prefMapHandle 1440 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\browser" - {f48d2deb-3dd2-4295-b5b7-a59fdb494151} 600 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe" -contentproc --channel="600.1.280783273\850107284" -childID 1 -isForBrowser -prefsHandle 2084 -prefMapHandle 2416 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\browser" - {d2f9b09a-5749-40f7-b069-dedc61197943} 600 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe" -contentproc --channel="600.2.458772014\221433406" -childID 2 -isForBrowser -prefsHandle 2924 -prefMapHandle 2896 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\browser" - {ffc3661a-bf51-4101-95c2-388a85519ca5} 600 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe" -contentproc --channel="600.3.1681916934\34502078" -childID 3 -isForBrowser -prefsHandle 2996 -prefMapHandle 2980 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\browser" - {f09a3b7b-68e0-406b-8cbe-f4dfbc137dc1} 600 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe" -contentproc --channel="600.4.1645437357\358160927" -childID 4 -isForBrowser -prefsHandle 3120 -prefMapHandle 3208 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\browser" - {85ef0636-e38e-47fd-8652-199aad3e1b28} 600 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe" -contentproc --channel="600.5.928598044\428338229" -childID 5 -isForBrowser -prefsHandle 3700 -prefMapHandle 3632 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\browser" - {8fe6fc90-6e24-41b1-b679-c5998beb7671} 600 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe" -contentproc --channel="600.6.1126549905\1845647718" -childID 6 -isForBrowser -prefsHandle 3212 -prefMapHandle 3100 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\browser" - {a4399ec8-96f2-434a-bc1b-ca701d90591c} 600 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21922\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI21922\geckodriver.exe --port 50037 --websocket-port 50038

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50038 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileb5O0oU

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50038 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileb5O0oU

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe" -contentproc --channel="1936.0.1847431897\1723778988" -parentBuildID 20240416150000 -prefsHandle 1472 -prefMapHandle 1448 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\browser" - {dccc4672-2e7a-4541-ae87-681f6fbf7541} 1936 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe" -contentproc --channel="1936.1.596051355\2033489318" -childID 1 -isForBrowser -prefsHandle 2680 -prefMapHandle 2688 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\browser" - {9dc46b61-356f-4d9a-a576-d59ee2802a34} 1936 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe" -contentproc --channel="1936.2.34829954\1585949328" -childID 2 -isForBrowser -prefsHandle 2936 -prefMapHandle 2932 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\browser" - {4f54b1f3-daa0-4824-9903-9b5ed2da3420} 1936 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe" -contentproc --channel="1936.3.1777539279\1549979554" -childID 3 -isForBrowser -prefsHandle 2952 -prefMapHandle 2948 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\browser" - {d365495d-d8be-46b0-b4ee-57f6a22bfea0} 1936 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe" -contentproc --channel="1936.4.1400003072\1708799039" -childID 4 -isForBrowser -prefsHandle 3668 -prefMapHandle 3664 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\browser" - {22f37706-98c7-4253-8d6b-72ea80543adb} 1936 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe" -contentproc --channel="1936.5.2092628686\94547656" -childID 5 -isForBrowser -prefsHandle 3820 -prefMapHandle 3824 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\browser" - {8fede69f-6d30-454a-bd38-eb1498246b44} 1936 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe" -contentproc --channel="1936.6.161910640\1088646172" -childID 6 -isForBrowser -prefsHandle 3604 -prefMapHandle 3596 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\browser" - {26b1934e-6e4e-4bc8-9d49-97033fff2041} 1936 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe" -contentproc --channel="1936.7.357080847\1151100465" -childID 7 -isForBrowser -prefsHandle 4312 -prefMapHandle 4316 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\browser" - {05cda7a7-c110-4035-a099-33e6b0dc8939} 1936 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe" -contentproc --channel="1936.8.2142704230\2031785427" -childID 8 -isForBrowser -prefsHandle 7576 -prefMapHandle 7740 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\browser" - {b227e361-1c8f-4b73-a8e8-9214b475af0a} 1936 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe" -contentproc --channel="1936.9.175456840\1302226233" -childID 9 -isForBrowser -prefsHandle 8556 -prefMapHandle 7296 -prefsLen 25332 -prefMapSize 245849 -jsInitHandle 1184 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\browser" - {e5d5940d-fc0e-4b49-a201-8f71d148fb98} 1936 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe" -contentproc --channel="1936.10.507976920\1428849303" -parentBuildID 20240416150000 -prefsHandle 8340 -prefMapHandle 8436 -prefsLen 27602 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\browser" - {3e56380d-8285-4e2d-82e2-1eadbb0c5f6b} 1936 rdd

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe" -contentproc --channel="1936.11.2120035388\593475005" -parentBuildID 20240416150000 -sandboxingKind 1 -prefsHandle 8276 -prefMapHandle 8424 -prefsLen 27602 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\browser" - {a60f8135-e7da-4076-a34c-d0dfa4c1b1c5} 1936 utility

C:\Users\Admin\AppData\Local\Temp\_MEI21922\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI21922\geckodriver.exe --port 50037 --websocket-port 50038

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50038 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFeQGRZ

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50038 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFeQGRZ

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe" -contentproc --channel="6024.0.1681085725\410905305" -parentBuildID 20240416150000 -prefsHandle 1484 -prefMapHandle 1472 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\browser" - {da6b27ab-e535-47c7-abe4-44cdde8c950d} 6024 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe" -contentproc --channel="6024.1.386794270\358582759" -childID 1 -isForBrowser -prefsHandle 2492 -prefMapHandle 2488 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1076 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\browser" - {29c628c5-d365-44e8-85cf-5e399f6014c7} 6024 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe" -contentproc --channel="6024.2.2057812788\1236989202" -childID 2 -isForBrowser -prefsHandle 2920 -prefMapHandle 2904 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1076 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\browser" - {63f4eed7-d8c6-498a-a0d4-1968c802aac1} 6024 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe" -contentproc --channel="6024.3.1315912344\116743668" -childID 3 -isForBrowser -prefsHandle 3640 -prefMapHandle 3644 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1076 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\browser" - {32bc9235-4963-4e64-9563-939ca8d408ed} 6024 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe" -contentproc --channel="6024.4.547568868\1078812584" -childID 4 -isForBrowser -prefsHandle 3816 -prefMapHandle 3812 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1076 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\browser" - {364aa08b-25e3-4be5-bade-a61617c705c3} 6024 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe" -contentproc --channel="6024.5.2020465667\1396713382" -childID 5 -isForBrowser -prefsHandle 3336 -prefMapHandle 3340 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1076 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\browser" - {2e2d49c1-864a-4bd8-b854-d6fd809e5ead} 6024 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe" -contentproc --channel="6024.6.246507020\700225546" -childID 6 -isForBrowser -prefsHandle 3948 -prefMapHandle 3952 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1076 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\browser" - {a9805b95-6470-4f09-a5ba-16933f74d06c} 6024 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe" -contentproc --channel="6024.7.1616277606\1737950706" -childID 7 -isForBrowser -prefsHandle 4288 -prefMapHandle 4104 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1076 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\browser" - {b8054e8d-235b-4246-9ccd-eab5f47f4b65} 6024 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21922\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI21922\geckodriver.exe --port 50037 --websocket-port 50038

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50038 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilemVG8pu

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50038 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilemVG8pu

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe" -contentproc --channel="5504.0.263833340\806005824" -parentBuildID 20240416150000 -prefsHandle 1464 -prefMapHandle 1448 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\browser" - {4780063d-d5dc-4c97-8f12-1f731f792b3f} 5504 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe" -contentproc --channel="5504.1.1911927854\624384049" -childID 1 -isForBrowser -prefsHandle 2192 -prefMapHandle 2092 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1168 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\browser" - {79a1d959-6576-41d2-ac77-63c1d4d0d146} 5504 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe" -contentproc --channel="5504.2.419093792\663131098" -childID 2 -isForBrowser -prefsHandle 2928 -prefMapHandle 2924 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1168 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\browser" - {f01a6266-8743-43e1-999c-8f2b5320bedb} 5504 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe" -contentproc --channel="5504.3.226057632\1324478630" -childID 3 -isForBrowser -prefsHandle 2944 -prefMapHandle 3332 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1168 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\browser" - {cd34948b-c701-4bdc-ab41-12afd1cfab67} 5504 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe" -contentproc --channel="5504.4.599283854\305492471" -childID 4 -isForBrowser -prefsHandle 3804 -prefMapHandle 3800 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1168 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\browser" - {14e163ef-dafd-4479-8dd2-964c5d0e89a9} 5504 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe" -contentproc --channel="5504.5.862863401\936434491" -childID 5 -isForBrowser -prefsHandle 3952 -prefMapHandle 3956 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1168 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\browser" - {6a467138-965a-42e4-8787-529aee0fd8a3} 5504 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe" -contentproc --channel="5504.6.404689791\38922478" -childID 6 -isForBrowser -prefsHandle 3312 -prefMapHandle 3308 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1168 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\browser" - {4055929c-c064-432f-8233-a2ecb0f439e6} 5504 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe" -contentproc --channel="5504.7.1911881128\1176443844" -childID 7 -isForBrowser -prefsHandle 4360 -prefMapHandle 3980 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1168 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\browser" - {693367cf-c6e4-4842-b9e9-060d1614d907} 5504 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21922\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI21922\geckodriver.exe --port 50037 --websocket-port 50038

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50038 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletlhCul

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50038 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletlhCul

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe" -contentproc --channel="5028.0.253346282\2112816178" -parentBuildID 20240416150000 -prefsHandle 1520 -prefMapHandle 1496 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\browser" - {b0448c18-dde6-4a17-b702-99486b7888bc} 5028 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe" -contentproc --channel="5028.1.250775163\1974471398" -childID 1 -isForBrowser -prefsHandle 2664 -prefMapHandle 2680 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\browser" - {962cddf6-eb5a-4f19-8277-eadb919889a3} 5028 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe" -contentproc --channel="5028.2.1431140531\1462878518" -childID 2 -isForBrowser -prefsHandle 2996 -prefMapHandle 2972 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\browser" - {810fe685-74ea-4e11-af64-ced3babc49e4} 5028 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe" -contentproc --channel="5028.3.2010125208\770654372" -childID 3 -isForBrowser -prefsHandle 3068 -prefMapHandle 3056 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\browser" - {6c8f381e-d6c8-4798-9160-f33ce7510fdf} 5028 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe" -contentproc --channel="5028.4.1628123147\755465759" -childID 4 -isForBrowser -prefsHandle 3348 -prefMapHandle 3364 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\browser" - {d56442d6-c4a5-4a63-a018-c0b60109e20b} 5028 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe" -contentproc --channel="5028.5.917363157\1697470894" -childID 5 -isForBrowser -prefsHandle 3324 -prefMapHandle 3340 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\browser" - {a281acbb-a558-4613-8d34-396e9710918a} 5028 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe" -contentproc --channel="5028.6.352315016\239876428" -childID 6 -isForBrowser -prefsHandle 4048 -prefMapHandle 4052 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\browser" - {448a28a3-78b6-4e01-885f-8e3b423b1c0e} 5028 tab

C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe" -contentproc --channel="5028.7.579954288\896074121" -childID 7 -isForBrowser -prefsHandle 4368 -prefMapHandle 4364 -prefsLen 25412 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\browser" - {06c50e96-1ef7-4fd8-afec-0d0672391d55} 5028 tab

Network


Files

C:\Users\Admin\AppData\Local\Temp\_MEI21922\base_library.zip


C:\Users\Admin\AppData\Local\Temp\_MEI21922\unicodedata.pyd


\Users\Admin\AppData\Local\Temp\_MEI21922\libcrypto-1_1.dll


\Users\Admin\AppData\Local\Temp\_MEI21922\libssl-1_1.dll


C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin


C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\TorBrowser\Tor\tor.exe


C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\TorBrowser\Tor\tor.exe


C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json


C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json


C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2


\Users\Admin\AppData\Local\Temp\_MEI21922\unicodedata.pyd


C:\Users\Admin\AppData\Local\Temp\_MEI21922\geckodriver.exe


C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2


C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json


C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4


C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js


C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json


C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json


C:\Users\Admin\AppData\Local\Temp\tmppxyt11b5\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi


C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi


C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json


C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json


C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini


C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4


C:\Users\Admin\AppData\Local\Temp\tmppxyt11b5\webdriver-py-profilecopy\favicons.sqlite


\Users\Admin\AppData\Local\Temp\_MEI21922\_queue.pyd


C:\Users\Admin\AppData\Local\Temp\_MEI21922\Tor Browser\Browser\firefox.exe


\Users\Admin\AppData\Local\Temp\_MEI21922\_ssl.pyd


\Users\Admin\AppData\Local\Temp\_MEI21922\select.pyd


\Users\Admin\AppData\Local\Temp\_MEI21922\_socket.pyd


\Users\Admin\AppData\Local\Temp\_MEI21922\_hashlib.pyd


C:\Users\Admin\AppData\Local\Temp\_MEI21922\top-1m.csv


C:\Users\Admin\AppData\Local\Temp\_MEI21922\pyexpat.pyd


C:\Users\Admin\AppData\Local\Temp\_MEI21922\nss3.dll


C:\Users\Admin\AppData\Local\Temp\_MEI21922\mozglue.dll

C:\Users\Admin\AppData\Local\Temp\_MEI21922\mozavutil.dll

C:\Users\Admin\AppData\Local\Temp\_MEI21922\libssl-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI21922\libcrypto-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI21922\lgpllibs.dll

\Users\Admin\AppData\Local\Temp\_MEI21922\_lzma.pyd

\Users\Admin\AppData\Local\Temp\_MEI21922\_bz2.pyd

\Users\Admin\AppData\Local\Temp\_MEI21922\libffi-7.dll

\Users\Admin\AppData\Local\Temp\_MEI21922\_ctypes.pyd

\Users\Admin\AppData\Local\Temp\_MEI21922\VCRUNTIME140.dll

\Users\Admin\AppData\Local\Temp\_MEI21922\python38.dll

C:\Users\Admin\AppData\Local\Temp\_MEI21922\python38.dll

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecJxtrc\extensions.json

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecJxtrc\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileb5O0oU\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileb5O0oU\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileb5O0oU\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileb5O0oU\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileb5O0oU\startupCache\webext.sc.lz4

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileb5O0oU\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileb5O0oU\broadcast-listeners.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileb5O0oU\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileb5O0oU\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileb5O0oU\xulstore.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileb5O0oU\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileb5O0oU\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFeQGRZ\user.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFeQGRZ\prefs.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFeQGRZ\startupCache\scriptCache-child-new.bin

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFeQGRZ\prefs.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFeQGRZ\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFeQGRZ\sessionCheckpoints.json.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFeQGRZ\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilemVG8pu\prefs.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilemVG8pu\prefs.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilemVG8pu\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilemVG8pu\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletlhCul\compatibility.ini

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletlhCul\WebDriverBiDiServer.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletlhCul\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletlhCul\startupCache\scriptCache-new.bin

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletlhCul\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletlhCul\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletlhCul\prefs-1.js

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-09 01:55

Reported

2024-05-09 02:09

Platform

win10v2004-20240226-en

Max time kernel

326s

Max time network

353s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4108 wrote to memory of 2944 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 2944 wrote to memory of 4364 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 2944 wrote to memory of 448 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 4364 wrote to memory of 4816 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 2944 wrote to memory of 2428 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI41082\geckodriver.exe
PID 2428 wrote to memory of 4916 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe
PID 4916 wrote to memory of 2332 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe
PID 2332 wrote to memory of 3528 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3660 --field-trial-handle=2236,i,5367110156796017614,12594004256180761011,262144 --variations-seed-version /prefetch:8

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI41082\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI41082\geckodriver.exe --port 50110 --websocket-port 50111

C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50111 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1VC7RN

C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50111 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1VC7RN

C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2332.0.2044521872\2054890505" -parentBuildID 20240416150000 -prefsHandle 1660 -prefMapHandle 1652 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\browser" - {0a0b9942-65f1-48b4-ac2b-4072be73f5fe} 2332 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2332.1.505465268\1098713440" -childID 1 -isForBrowser -prefsHandle 2632 -prefMapHandle 2628 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1228 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\browser" - {0b337244-1827-43c3-914c-6083e139e028} 2332 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2332.2.1535867009\972740113" -childID 2 -isForBrowser -prefsHandle 3204 -prefMapHandle 3200 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1228 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\browser" - {25bcb92b-feef-4dd6-aff6-2472f9e9b41b} 2332 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2332.3.1258234181\1140376751" -childID 3 -isForBrowser -prefsHandle 3816 -prefMapHandle 3812 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1228 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\browser" - {4cdcb8ac-59f4-4034-8c8f-cc53e9d23e59} 2332 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2332.4.1529499410\2101051092" -childID 4 -isForBrowser -prefsHandle 3752 -prefMapHandle 3224 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1228 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\browser" - {3487fddc-11b3-41db-b0f7-831a34c449ed} 2332 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2332.5.1044424503\1418210917" -childID 5 -isForBrowser -prefsHandle 4256 -prefMapHandle 3344 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1228 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\browser" - {9f6e5c8d-b5d7-4780-b938-9ecd89bc69f0} 2332 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2332.6.571536364\1982599592" -childID 6 -isForBrowser -prefsHandle 3776 -prefMapHandle 3732 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1228 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\browser" - {f8c0b299-8ff9-4ff3-aedb-451b02eeb652} 2332 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41082\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI41082\geckodriver.exe --port 50110 --websocket-port 50111

C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50111 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileh9nQqv

C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50111 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileh9nQqv

C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4520.0.1625220841\621441144" -parentBuildID 20240416150000 -prefsHandle 1648 -prefMapHandle 1640 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\browser" - {6258df4b-7776-4b8c-a73c-beae6d1f681b} 4520 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4520.1.2048130422\951527892" -childID 1 -isForBrowser -prefsHandle 2628 -prefMapHandle 2624 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1284 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\browser" - {dfe4a244-6ce7-40b0-91b4-6cdea89cc271} 4520 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4520.2.465627117\552966074" -childID 2 -isForBrowser -prefsHandle 3192 -prefMapHandle 3188 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1284 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\browser" - {b9e23e80-6393-4bb7-8153-209f57557855} 4520 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4520.3.677678850\849414047" -childID 3 -isForBrowser -prefsHandle 3208 -prefMapHandle 3244 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1284 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\browser" - {24140762-8cae-4da6-950b-81e17591799c} 4520 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4520.4.1230452256\1082055796" -childID 4 -isForBrowser -prefsHandle 3988 -prefMapHandle 3984 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1284 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\browser" - {d187cd13-6d83-4d22-aa31-0508d856f3a0} 4520 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4520.5.1269103710\244522374" -childID 5 -isForBrowser -prefsHandle 4144 -prefMapHandle 4148 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1284 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\browser" - {1ad4a39a-57d2-448b-92f9-39e82a812ff4} 4520 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4520.6.1412952041\1374392491" -childID 6 -isForBrowser -prefsHandle 4344 -prefMapHandle 4348 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1284 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\browser" - {3014b609-e412-4e94-858e-d345498dc3e5} 4520 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe" -contentproc --channel="4520.7.2101668339\790268137" -childID 7 -isForBrowser -prefsHandle 4756 -prefMapHandle 3752 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1284 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\browser" - {5b42d4c4-e3da-4653-8288-e91184709b6e} 4520 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41082\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI41082\geckodriver.exe --port 50110 --websocket-port 50111

C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50111 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKTu9UO

C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50111 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKTu9UO

C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1128.0.267889221\526007262" -parentBuildID 20240416150000 -prefsHandle 1684 -prefMapHandle 1676 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\browser" - {f021ab7d-f1fb-4f1d-a44e-6970cd8f7afa} 1128 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1128.1.2102172198\1913850811" -childID 1 -isForBrowser -prefsHandle 2464 -prefMapHandle 2588 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\browser" - {a8353532-6ab8-428b-99f1-66458e5be2be} 1128 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1128.2.1257714485\2126482595" -childID 2 -isForBrowser -prefsHandle 3200 -prefMapHandle 3196 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\browser" - {4852aa95-b5a9-4764-8f9a-447de23dd927} 1128 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1128.3.116701618\1475936099" -childID 3 -isForBrowser -prefsHandle 2216 -prefMapHandle 3176 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\browser" - {e86e2630-d713-4cdc-bb71-c6f95513adfa} 1128 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1128.4.1769460152\1074037941" -childID 4 -isForBrowser -prefsHandle 1532 -prefMapHandle 1528 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\browser" - {d2235239-88ab-4bb3-8628-6894e60e4d07} 1128 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1128.5.1782567632\614421298" -childID 5 -isForBrowser -prefsHandle 3956 -prefMapHandle 3952 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\browser" - {9c5f60ed-6c84-4c32-bbff-40e09db54ea6} 1128 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1128.6.1699948845\2016789964" -childID 6 -isForBrowser -prefsHandle 4064 -prefMapHandle 4068 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\browser" - {6229ae8b-6528-4653-99fd-b6ca9019a9bb} 1128 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1128.7.687681768\1186246826" -childID 7 -isForBrowser -prefsHandle 4552 -prefMapHandle 3496 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\browser" - {164ce387-580a-4eb5-9d08-99485661a2a7} 1128 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41082\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI41082\geckodriver.exe --port 50110 --websocket-port 50111

C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50111 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilesZKXXz

C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50111 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilesZKXXz

C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe" -contentproc --channel="5228.0.215161601\325876401" -parentBuildID 20240416150000 -prefsHandle 1660 -prefMapHandle 1652 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\browser" - {0522bb74-1ea8-4ae9-80c8-323dedfc65c9} 5228 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe" -contentproc --channel="5228.1.228525687\282775825" -childID 1 -isForBrowser -prefsHandle 2672 -prefMapHandle 2604 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\browser" - {67f7a1ba-e209-4d03-84b5-8001167fd193} 5228 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe" -contentproc --channel="5228.2.959852694\1096142927" -childID 2 -isForBrowser -prefsHandle 3220 -prefMapHandle 3216 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\browser" - {01840c86-b83a-4b78-a6ad-3aa2baa12a28} 5228 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe" -contentproc --channel="5228.3.1308171289\948887239" -childID 3 -isForBrowser -prefsHandle 3312 -prefMapHandle 3316 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\browser" - {2149da75-4641-42e7-ae21-4c3c3b54f1e0} 5228 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe" -contentproc --channel="5228.4.1313525630\2026790070" -childID 4 -isForBrowser -prefsHandle 3284 -prefMapHandle 3632 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\browser" - {627c12cb-c913-4319-a503-be9e8f20a675} 5228 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe" -contentproc --channel="5228.5.1533819182\1838267475" -childID 5 -isForBrowser -prefsHandle 3884 -prefMapHandle 3880 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\browser" - {7e5cae0b-015b-4a67-b116-b7a593fe583c} 5228 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe" -contentproc --channel="5228.6.1426366842\682706509" -childID 6 -isForBrowser -prefsHandle 4020 -prefMapHandle 4024 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\browser" - {5dd9034b-cff6-4f0f-9461-6a478c2c8987} 5228 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\firefox.exe" -contentproc --channel="5228.7.1091582809\1871232633" -childID 7 -isForBrowser -prefsHandle 4292 -prefMapHandle 4408 -prefsLen 25491 -prefMapSize 245849 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41082\Tor Browser\Browser\browser" - {6b167a04-88c2-4445-8968-2d97a1767fca} 5228 tab

Network


Files


C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKTu9UO\prefs-1.js

MD5 ea309a7586875f139c051256b6094468
SHA1 b4ae18fa3ee7605d76dfc6cd97a39773a376fc98
SHA256 b1af7462c1ac38f29fb2e43f6d9342bc3d26ef31fa9587548713d369f9132100
SHA512 bee2c20a1810dbba89e73770cd9697b6b814e0ce097ddc984491f52afbe877245ae77069a6afdbeaed6810573fdf397bed815969642e78545508e3d6d8f5f288

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileKTu9UO\prefs-1.js

MD5 ee1b66ea7b64b34b1bb17ef260eb096f
SHA1 129ab3fe65103cf7ccad22e996d4efe6ed47cab4
SHA256 ba12dee754c7fe149776c49ead63573244f8c309ef9cd75e425a48352bf9a260
SHA512 e75c8a89c134a76e4ebb1e3b534a201274af05c3bda3cd8d51ac4bf117f051cc23b378c25e35a051919ac2b2a1ae8d1a66f4377df15a8c0fb997aab5c151e07e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilesZKXXz\datareporting\glean\db\data.safe.tmp

MD5 7d3d11283370585b060d50a12715851a
SHA1 3a05d9b7daa2d377d95e7a5f3e8e7a8f705938e3
SHA256 86bff840e1bec67b7c91f97f4d37e3a638c5fdc7b56aae210b01745f292347b9
SHA512 a185a956e7105ad5a903d5d0e780df9421cf7b84ef1f83f7e9f3ab81bf683b440f23e55df4bbd52d60e89af467b5fc949bf1faa7810c523b98c7c2361fde010e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilesZKXXz\prefs.js

MD5 548364bc733f0ebf6fa0243614bd7349
SHA1 c9e1178a7e8ea3a46eb4f0c9112240225414ff4e
SHA256 46ea9d552ce5f7740388e7ef0451ae6d4c358d0f95db4d42eef6169fdcb73655
SHA512 2f279a4ab589d424f80121d7a0a5aaa8c88429788b5095c34ef70394462941f4ff28a86d1d54db650f991d3928cdaf1c998dee62f8e0267b2eeed75175d3485e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilesZKXXz\prefs-1.js

MD5 07eea3e8ff85a4bb4ca579a3293ab7e0
SHA1 3fede1785cfcc86705a545fb66eb8a74e6fc0c4a
SHA256 5e2c800a2a81b0caa06bffff0e06d248d82e83baa820a0138673b9e5d4029684
SHA512 530da0df7505ea03286bdbdcb9293c612324af806d05e10e8c7533d3e5d5786fa81355db7a0155d9fa21c4341b0b7625ab515b9905aebe81fd54eca0b93f0490

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilesZKXXz\prefs-1.js

MD5 574d13cdb10960547cc2484aaae2fc83
SHA1 a1979246d7a7b881e141bcd453fc211f85b073b3
SHA256 bdbfa8271086911237d523bdf5af61c15478b1ec4dfe43935c4c64c155d4f17b
SHA512 8f8943e8aff1f6cd7e08e65b6dc86b550a3a1b15bc401a8b2d38374464af1c5fa66d678754e143833649f701b5403978e1fda62155577d4787d79363710b105a

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-09 01:55

Reported

2024-05-09 02:07

Platform

win11-20240426-en

Max time kernel

300s

Max time network

306s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39762\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3976 wrote to memory of 3764 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 3764 wrote to memory of 4452 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 3764 wrote to memory of 3572 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 4452 wrote to memory of 3708 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 3764 wrote to memory of 700 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI39762\geckodriver.exe
PID 700 wrote to memory of 1440 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39762\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe
PID 1440 wrote to memory of 2884 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe
PID 2884 wrote to memory of 240 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI39762\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39762\geckodriver.exe --port 50009 --websocket-port 50010

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50010 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileB8xwIH

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50010 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileB8xwIH

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2884.0.421989850\2105449892" -parentBuildID 20240416150000 -prefsHandle 1700 -prefMapHandle 1680 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\browser" - {a8bb5814-efa6-4b85-8a91-952f9a418dd9} 2884 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2884.1.555815200\1719340220" -childID 1 -isForBrowser -prefsHandle 2660 -prefMapHandle 2304 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\browser" - {900c8345-6080-432f-9c07-8418104268d8} 2884 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2884.2.597693601\882416799" -childID 2 -isForBrowser -prefsHandle 2920 -prefMapHandle 2660 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\browser" - {e173b2df-1f29-495b-8575-bd52b5699b2e} 2884 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2884.3.1359815515\363790523" -childID 3 -isForBrowser -prefsHandle 3704 -prefMapHandle 3708 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\browser" - {4c895130-e7d0-4474-9341-3bf619974e73} 2884 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2884.4.1321236527\63358844" -childID 4 -isForBrowser -prefsHandle 1548 -prefMapHandle 1544 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\browser" - {37fd0dcc-827f-425b-b410-34743b2bc802} 2884 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2884.5.1939095488\228507887" -childID 5 -isForBrowser -prefsHandle 3960 -prefMapHandle 3956 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\browser" - {10bbbb35-2641-491a-907e-7ef807ed085d} 2884 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2884.6.188387885\1687863518" -childID 6 -isForBrowser -prefsHandle 3208 -prefMapHandle 3332 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\browser" - {4a0c46cb-2d40-4ddc-b082-4e63fc8ee9c3} 2884 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe" -contentproc --channel="2884.7.2112278517\1538632704" -childID 7 -isForBrowser -prefsHandle 4524 -prefMapHandle 3960 -prefsLen 25367 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\browser" - {a6ce3543-1fcc-47c9-b2e2-056568da7cf3} 2884 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39762\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39762\geckodriver.exe --port 50009 --websocket-port 50010

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50010 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVoCbcX

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50010 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVoCbcX

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4728.0.129088898\1342904109" -parentBuildID 20240416150000 -prefsHandle 1708 -prefMapHandle 1700 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\browser" - {8a806d3c-01b4-4637-8e4c-e846392a7228} 4728 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4728.1.1065024089\350858047" -childID 1 -isForBrowser -prefsHandle 2392 -prefMapHandle 2744 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\browser" - {211e9d65-6fe9-44d7-9282-aee45580dc07} 4728 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4728.2.547599208\2139851954" -childID 2 -isForBrowser -prefsHandle 3200 -prefMapHandle 3196 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\browser" - {d755cfc0-5448-4ad8-8a10-4fe7740619c4} 4728 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4728.3.756246008\1921924361" -childID 3 -isForBrowser -prefsHandle 3212 -prefMapHandle 3124 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\browser" - {be7eb80e-df5b-45cb-9e69-6a139b573177} 4728 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4728.4.1734441291\1341879228" -childID 4 -isForBrowser -prefsHandle 3296 -prefMapHandle 3124 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\browser" - {f5d2e66c-627f-4ad9-bd9b-e90aec7a2970} 4728 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4728.5.958167935\693832975" -childID 5 -isForBrowser -prefsHandle 3760 -prefMapHandle 3868 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\browser" - {cd50b718-792e-4e00-ac6d-7278893c5520} 4728 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4728.6.874272291\1924673496" -childID 6 -isForBrowser -prefsHandle 3884 -prefMapHandle 3880 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\browser" - {23bf3dcc-6a76-4601-97cf-024893057ec6} 4728 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4728.7.1999647272\1609320490" -childID 7 -isForBrowser -prefsHandle 4468 -prefMapHandle 4464 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\browser" - {e2d7bce1-7d51-46e2-975c-ad79b3709f36} 4728 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39762\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39762\geckodriver.exe --port 50009 --websocket-port 50010

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50010 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileWRo0dS

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50010 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileWRo0dS

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe" -contentproc --channel="1004.0.62329615\829204239" -parentBuildID 20240416150000 -prefsHandle 1700 -prefMapHandle 1692 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\browser" - {fddf33fd-42ce-4ab9-be96-5b25bc3e830a} 1004 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe" -contentproc --channel="1004.1.1778068178\1240814096" -childID 1 -isForBrowser -prefsHandle 2732 -prefMapHandle 2728 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1348 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\browser" - {577c144e-aefc-4eac-bd38-e4e15744b83e} 1004 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe" -contentproc --channel="1004.2.1371715511\2130520559" -childID 2 -isForBrowser -prefsHandle 3084 -prefMapHandle 3080 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1348 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\browser" - {8eefa9d6-6f85-4b53-ab6a-f6afa4060833} 1004 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe" -contentproc --channel="1004.3.2017868820\1449332432" -childID 3 -isForBrowser -prefsHandle 3256 -prefMapHandle 3244 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1348 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\browser" - {1d1a1fef-26a0-4bc9-a658-9fd8ba7ee4d4} 1004 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe" -contentproc --channel="1004.4.66265165\767803526" -childID 4 -isForBrowser -prefsHandle 3724 -prefMapHandle 3720 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1348 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\browser" - {8fcc6021-2729-43c9-a761-c33cae8aee43} 1004 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe" -contentproc --channel="1004.5.1544978423\834404677" -childID 5 -isForBrowser -prefsHandle 3968 -prefMapHandle 3964 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1348 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\browser" - {66d20097-3d1f-4d6f-9025-4de40842d1e7} 1004 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe" -contentproc --channel="1004.6.419588560\646073656" -childID 6 -isForBrowser -prefsHandle 4064 -prefMapHandle 4068 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1348 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\browser" - {81b2e62b-82ea-46b1-9259-7e071395cb94} 1004 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39762\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39762\geckodriver.exe --port 50009 --websocket-port 50010

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50010 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileA8nPoZ

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50010 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileA8nPoZ

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe" -contentproc --channel="3204.0.1194840892\779347181" -parentBuildID 20240416150000 -prefsHandle 1700 -prefMapHandle 1680 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\browser" - {26eae2c9-15aa-4762-b25a-3f32c0d6f3cd} 3204 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe" -contentproc --channel="3204.1.282622441\481415555" -childID 1 -isForBrowser -prefsHandle 2456 -prefMapHandle 2844 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\browser" - {9fe71428-ee7e-464e-997e-04ccece83d06} 3204 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe" -contentproc --channel="3204.2.1440403364\318732376" -childID 2 -isForBrowser -prefsHandle 3080 -prefMapHandle 3076 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\browser" - {2183e437-32bf-4daf-895f-84bd52e2834f} 3204 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe" -contentproc --channel="3204.3.1013070743\939730148" -childID 3 -isForBrowser -prefsHandle 3676 -prefMapHandle 3680 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\browser" - {c42394dd-37ec-4172-9440-7bd1f4680198} 3204 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe" -contentproc --channel="3204.4.53932218\1879759299" -childID 4 -isForBrowser -prefsHandle 3644 -prefMapHandle 3168 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\browser" - {e9ba11c9-101b-4bcb-a356-34d9c7757960} 3204 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe" -contentproc --channel="3204.5.1066640923\1564189219" -childID 5 -isForBrowser -prefsHandle 3448 -prefMapHandle 3428 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\browser" - {f86b6b35-00de-49dd-9288-0877e9cccfc9} 3204 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe" -contentproc --channel="3204.6.2118509917\944242563" -childID 6 -isForBrowser -prefsHandle 4084 -prefMapHandle 4080 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\browser" - {7db51b4b-fc02-40b0-8625-1fc1e24d1409} 3204 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe" -contentproc --channel="3204.7.363096648\18657983" -childID 7 -isForBrowser -prefsHandle 4376 -prefMapHandle 4372 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\browser" - {128fdd9b-84cf-46b1-80ef-5dc123077f1b} 3204 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39762\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39762\geckodriver.exe --port 50009 --websocket-port 50010

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50010 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewTrhlw

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50010 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewTrhlw

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4184.0.37529565\318870096" -parentBuildID 20240416150000 -prefsHandle 1708 -prefMapHandle 1700 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\browser" - {44bb326d-04b3-4ed1-8e87-579ef1b1a001} 4184 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4184.1.1168511313\1461420259" -childID 1 -isForBrowser -prefsHandle 2800 -prefMapHandle 1412 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1288 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\browser" - {b503709c-934d-44d0-a512-2e509c0dc1f2} 4184 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4184.2.1521118548\688668413" -childID 2 -isForBrowser -prefsHandle 3132 -prefMapHandle 3128 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1288 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\browser" - {70997038-ea4e-410f-928d-5535a03582f8} 4184 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4184.3.813951356\1673320147" -childID 3 -isForBrowser -prefsHandle 3148 -prefMapHandle 3260 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1288 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\browser" - {130c5966-da54-48ba-995a-7651639aa313} 4184 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4184.4.70234769\1681654973" -childID 4 -isForBrowser -prefsHandle 1552 -prefMapHandle 1548 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1288 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\browser" - {83077fdf-9130-4761-b4dc-19897ceebe86} 4184 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4184.5.696411574\592007126" -childID 5 -isForBrowser -prefsHandle 3956 -prefMapHandle 3952 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1288 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\browser" - {8126261c-6dd7-47e9-a2f3-1985ad896a40} 4184 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe" -contentproc --channel="4184.6.1202405481\1741534970" -childID 6 -isForBrowser -prefsHandle 4052 -prefMapHandle 4056 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1288 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\browser" - {ed6025bd-3956-43b0-981e-6f9ae2cb6fc0} 4184 tab

Network

Files

C:\Users\Admin\AppData\Local\Temp\_MEI39762\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39762\_ssl.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39762\libssl-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39762\_queue.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\TorBrowser\Tor\tor.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\TorBrowser\Tor\tor.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

C:\Users\Admin\AppData\Local\Temp\_MEI39762\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39762\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

C:\Users\Admin\AppData\Local\Temp\tmp04w7zkny\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI39762\select.pyd

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus

C:\Users\Admin\AppData\Local\Temp\_MEI39762\_socket.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39762\libcrypto-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39762\_hashlib.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39762\top-1m.csv

C:\Users\Admin\AppData\Local\Temp\_MEI39762\pyexpat.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39762\nss3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39762\mozglue.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39762\mozavutil.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39762\libcrypto-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39762\lgpllibs.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39762\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39762\_lzma.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39762\_bz2.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39762\Tor Browser\Browser\firefox.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39762\libffi-7.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39762\base_library.zip

C:\Users\Admin\AppData\Local\Temp\_MEI39762\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39762\python38.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39762\python38.dll

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileB8xwIH\extensions.json

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileB8xwIH\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileB8xwIH\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVoCbcX\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVoCbcX\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVoCbcX\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVoCbcX\startupCache\webext.sc.lz4

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVoCbcX\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVoCbcX\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVoCbcX\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVoCbcX\xulstore.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileVoCbcX\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileWRo0dS\user.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileWRo0dS\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileWRo0dS\startupCache\scriptCache-child-new.bin

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileWRo0dS\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileWRo0dS\broadcast-listeners.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileWRo0dS\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileWRo0dS\sessionCheckpoints.json.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileA8nPoZ\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileA8nPoZ\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileA8nPoZ\prefs.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileA8nPoZ\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileA8nPoZ\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewTrhlw\compatibility.ini

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilewTrhlw\WebDriverBiDiServer.json
