Malware Analysis Report

2025-06-15 20:36

Sample ID 240509-ccj9dacb2z
Target heavy.exe
SHA256 88093c75834d60df3b4b6f4df642bb28dc749f4bd562f587fa8f9e30e97d3c5c
Tags
evasion trojan ransomware pyinstaller
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

88093c75834d60df3b4b6f4df642bb28dc749f4bd562f587fa8f9e30e97d3c5c

Threat Level: Likely malicious

The file heavy.exe was found to be: Likely malicious.

Malicious Activity Summary

evasion trojan ransomware pyinstaller

Renames multiple (64) files with added filename extension

Renames multiple (66) files with added filename extension

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Checks whether UAC is enabled

Detects Pyinstaller

Enumerates physical storage devices

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Checks processor information in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-09 01:57

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-09 01:55

Reported

2024-05-09 02:09

Platform

win10-20240404-en

Max time kernel

308s

Max time network

329s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4948 wrote to memory of 3280 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 4948 wrote to memory of 3280 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 3280 wrote to memory of 3900 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 3280 wrote to memory of 3900 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 3280 wrote to memory of 4400 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 3280 wrote to memory of 4400 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 3900 wrote to memory of 3568 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 3900 wrote to memory of 3568 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 3280 wrote to memory of 1172 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\geckodriver.exe
PID 3280 wrote to memory of 1172 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\geckodriver.exe
PID 1172 wrote to memory of 5100 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe
PID 1172 wrote to memory of 5100 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe
PID 5100 wrote to memory of 1896 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe
PID 5100 wrote to memory of 1896 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe
PID 5100 wrote to memory of 1896 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe
PID 5100 wrote to memory of 1896 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe
PID 5100 wrote to memory of 1896 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe
PID 5100 wrote to memory of 1896 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe
PID 5100 wrote to memory of 1896 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe
PID 5100 wrote to memory of 1896 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe
PID 5100 wrote to memory of 1896 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe
PID 5100 wrote to memory of 1896 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe
PID 5100 wrote to memory of 1896 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe
PID 1896 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe
PID 1896 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe
PID 1896 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe
PID 1896 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe
PID 1896 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe
PID 1896 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe
PID 1896 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe
PID 1896 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe
PID 1896 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe
PID 1896 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe
PID 1896 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe
PID 1896 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe
PID 1896 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe
PID 1896 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe
PID 1896 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe
PID 1896 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe
PID 1896 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe
PID 1896 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe
PID 1896 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe
PID 1896 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe
PID 1896 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe
PID 1896 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe
PID 1896 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe
PID 1896 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe
PID 1896 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe
PID 1896 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe
PID 1896 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe
PID 1896 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe
PID 1896 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe
PID 1896 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe
PID 1896 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe
PID 1896 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe
PID 1896 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe
PID 1896 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe
PID 1896 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe
PID 1896 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe
PID 1896 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe
PID 1896 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe
PID 1896 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe
PID 1896 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe
PID 1896 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI49482\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI49482\geckodriver.exe --port 50064 --websocket-port 50065

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50065 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileIuyWWW

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50065 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileIuyWWW

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1896.0.1515967719\1349578461" -parentBuildID 20240416150000 -prefsHandle 1472 -prefMapHandle 1460 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\browser" - {b406fec1-45a0-4270-81b9-8f66c83ab2ea} 1896 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1896.1.453060711\1480449218" -childID 1 -isForBrowser -prefsHandle 2580 -prefMapHandle 2128 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1116 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\browser" - {05c1dcc1-71c9-485d-9d42-122489610c64} 1896 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1896.2.1101277058\2142610207" -childID 2 -isForBrowser -prefsHandle 3000 -prefMapHandle 2996 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1116 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\browser" - {8e955903-cc14-4ee5-824d-79f7cbe59b09} 1896 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1896.3.10264275\1279351264" -childID 3 -isForBrowser -prefsHandle 3304 -prefMapHandle 3008 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1116 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\browser" - {cac7d48f-0587-4224-b375-e669e7c2e5cb} 1896 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1896.4.1638461468\693578134" -childID 4 -isForBrowser -prefsHandle 3680 -prefMapHandle 3676 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1116 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\browser" - {b7940419-0889-44fc-9278-1d2451f1dac9} 1896 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1896.5.1732310542\134650391" -childID 5 -isForBrowser -prefsHandle 3896 -prefMapHandle 3892 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1116 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\browser" - {5bcb4434-7c68-47f8-a767-0ca9711b6288} 1896 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1896.6.460487559\2032107643" -childID 6 -isForBrowser -prefsHandle 3708 -prefMapHandle 3648 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1116 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\browser" - {8e4e8dc6-3f73-4285-be59-edc91af0fc18} 1896 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1896.7.1593752300\1255141552" -childID 7 -isForBrowser -prefsHandle 4064 -prefMapHandle 4068 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 1116 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\browser" - {0b2ad8bd-6545-4ace-a4dc-fdc3b5405baa} 1896 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" -contentproc --channel="1896.8.732284598\205835440" -childID 8 -isForBrowser -prefsHandle 4308 -prefMapHandle 8392 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 1116 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\browser" - {e6363c7c-b0ac-4cd1-a831-87cd545a49ff} 1896 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49482\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI49482\geckodriver.exe --port 50064 --websocket-port 50065

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50065 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFBWyyj

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50065 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFBWyyj

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2388.0.442774131\1160743841" -parentBuildID 20240416150000 -prefsHandle 1492 -prefMapHandle 1480 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\browser" - {07f4ff86-abd7-450a-bc52-9ed47b0c1134} 2388 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2388.1.514477366\654236118" -childID 1 -isForBrowser -prefsHandle 2688 -prefMapHandle 2684 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\browser" - {1fe78861-0048-4c20-a04a-18b55922e2ed} 2388 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2388.2.135317519\1832071905" -childID 2 -isForBrowser -prefsHandle 3088 -prefMapHandle 3084 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\browser" - {8eff9330-c97e-4e90-ba9e-2f46765cb475} 2388 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2388.3.1828876762\987081668" -childID 3 -isForBrowser -prefsHandle 3220 -prefMapHandle 3384 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\browser" - {694e4526-760d-466b-a0b9-af4c0b6558bd} 2388 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2388.4.678673509\181108710" -childID 4 -isForBrowser -prefsHandle 3552 -prefMapHandle 3540 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\browser" - {2c4b3da0-c7b5-45b1-b514-e5433e18ce52} 2388 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2388.5.169627168\741542817" -childID 5 -isForBrowser -prefsHandle 3780 -prefMapHandle 3776 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\browser" - {3d3cef78-29a3-4297-a805-23674b85e4ca} 2388 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2388.6.922726680\203572308" -childID 6 -isForBrowser -prefsHandle 3792 -prefMapHandle 3788 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\browser" - {e3a06340-f4e3-42d3-bc56-82b99f1a560e} 2388 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2388.7.1653417339\1234466609" -childID 7 -isForBrowser -prefsHandle 4360 -prefMapHandle 4356 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\browser" - {3a75abc3-78bb-4558-9cf5-6a7179f44c52} 2388 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2388.8.1082434174\936791712" -childID 8 -isForBrowser -prefsHandle 8532 -prefMapHandle 7736 -prefsLen 25412 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\browser" - {a4d30fe3-5d03-40c0-a45c-9d6f172ae4a7} 2388 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49482\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI49482\geckodriver.exe --port 50064 --websocket-port 50065

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50065 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezBUcSp

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50065 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezBUcSp

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4500.0.238977890\366575168" -parentBuildID 20240416150000 -prefsHandle 1484 -prefMapHandle 1472 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\browser" - {94b55b29-8e39-4291-b4be-b7ba1d652d96} 4500 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4500.1.1850963886\1142153856" -childID 1 -isForBrowser -prefsHandle 2608 -prefMapHandle 2624 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\browser" - {696c2c36-3f07-4ae4-b0a1-494f4bedb487} 4500 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4500.2.302021272\373337460" -childID 2 -isForBrowser -prefsHandle 2916 -prefMapHandle 2904 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\browser" - {a4fc1cfe-aafa-414c-a7dd-213db5bb9a31} 4500 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4500.3.212892902\1454013627" -childID 3 -isForBrowser -prefsHandle 3376 -prefMapHandle 2956 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\browser" - {eeb60f59-4996-4cfc-9f1f-72bef6136787} 4500 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4500.4.2096684073\172766518" -childID 4 -isForBrowser -prefsHandle 3576 -prefMapHandle 3456 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\browser" - {f6a9846e-af01-4a76-b11f-b9fa6501f7e0} 4500 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4500.5.671884103\2025990998" -childID 5 -isForBrowser -prefsHandle 3800 -prefMapHandle 3796 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\browser" - {88289ab4-3d37-4143-9ed3-197a6908a553} 4500 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4500.6.1558253841\456383687" -childID 6 -isForBrowser -prefsHandle 3980 -prefMapHandle 3976 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\browser" - {b37b24e7-a246-44ee-80b0-1502c3f886a6} 4500 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49482\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI49482\geckodriver.exe --port 50064 --websocket-port 50065

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50065 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecX9OtS

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50065 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecX9OtS

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4048.0.658494004\1877854094" -parentBuildID 20240416150000 -prefsHandle 1488 -prefMapHandle 1472 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\browser" - {62ffa903-53c9-49c9-a282-ecfa34d79dab} 4048 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4048.1.1998776188\385471729" -childID 1 -isForBrowser -prefsHandle 2500 -prefMapHandle 2496 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1096 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\browser" - {86179e7c-7192-4ba0-9dde-16de83b93f16} 4048 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4048.2.859075912\1241148655" -childID 2 -isForBrowser -prefsHandle 2964 -prefMapHandle 2960 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1096 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\browser" - {af55c020-406a-4e00-b230-356139d1fb17} 4048 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4048.3.1847558019\134835396" -childID 3 -isForBrowser -prefsHandle 2980 -prefMapHandle 3036 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1096 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\browser" - {3b2a294e-df6d-43b5-8d72-03bbb7e34b40} 4048 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4048.4.1823217818\1724615338" -childID 4 -isForBrowser -prefsHandle 3548 -prefMapHandle 3544 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1096 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\browser" - {4ed866b2-8eab-458b-a11c-d2b3a2189d9a} 4048 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4048.5.1341219717\1230307479" -childID 5 -isForBrowser -prefsHandle 3700 -prefMapHandle 3704 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1096 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\browser" - {d7df2331-cbd4-435b-95c3-0141f96f6643} 4048 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4048.6.1061508560\1101345964" -childID 6 -isForBrowser -prefsHandle 3956 -prefMapHandle 3952 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1096 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\browser" - {3955db3b-c932-4224-bb2b-089fd912ae7f} 4048 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" -contentproc --channel="4048.7.31082137\1634782619" -childID 7 -isForBrowser -prefsHandle 4360 -prefMapHandle 4164 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1096 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\browser" - {2885ed95-ae11-4afe-bfb4-e499a706a33c} 4048 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49482\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI49482\geckodriver.exe --port 50064 --websocket-port 50065

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50065 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileUzg7iK

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50065 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileUzg7iK

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2236.0.577678433\2065271111" -parentBuildID 20240416150000 -prefsHandle 1488 -prefMapHandle 1464 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\browser" - {48982ac0-7357-4f31-85df-4982937dbc6d} 2236 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2236.1.1445514517\1597675713" -childID 1 -isForBrowser -prefsHandle 2736 -prefMapHandle 2752 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1168 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\browser" - {0d60b78b-1646-4c6a-a6a8-c609a3feb7cc} 2236 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2236.2.926157052\423095195" -childID 2 -isForBrowser -prefsHandle 2160 -prefMapHandle 2424 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1168 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\browser" - {5d93a282-0178-40fe-b16c-f6db6070cd96} 2236 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2236.3.1130957945\1689345803" -childID 3 -isForBrowser -prefsHandle 2128 -prefMapHandle 3156 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1168 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\browser" - {69c79d27-230b-4a6e-bc7e-ae6d7336b6b2} 2236 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2236.4.1741010588\15763890" -childID 4 -isForBrowser -prefsHandle 3624 -prefMapHandle 3612 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1168 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\browser" - {b130ecf2-50a7-4d99-a836-157813e448f1} 2236 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2236.5.772768460\1812714975" -childID 5 -isForBrowser -prefsHandle 3776 -prefMapHandle 3432 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1168 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\browser" - {dceda9d0-998e-47a8-a8ba-f478f9a07fa8} 2236 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2236.6.569152989\1198040928" -childID 6 -isForBrowser -prefsHandle 3928 -prefMapHandle 3744 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1168 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\browser" - {e1afb6f7-1710-4a7b-99ab-3df20e5ce250} 2236 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2236.7.1317996713\1615355812" -childID 7 -isForBrowser -prefsHandle 4328 -prefMapHandle 4332 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1168 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\browser" - {7db61def-3c53-45e9-86e1-41a79d809c10} 2236 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49482\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI49482\geckodriver.exe --port 50064 --websocket-port 50065

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50065 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile0CIEgp

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50065 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile0CIEgp

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2424.0.1163520239\576180504" -parentBuildID 20240416150000 -prefsHandle 1484 -prefMapHandle 1436 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\browser" - {0cdf3a8c-178d-4db5-b171-4308563c5ad8} 2424 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2424.1.1405492278\221978877" -childID 1 -isForBrowser -prefsHandle 2524 -prefMapHandle 2544 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\browser" - {1ce5e600-2c09-4534-9378-d17c71aff8d1} 2424 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2424.2.881123858\1501957929" -childID 2 -isForBrowser -prefsHandle 3032 -prefMapHandle 3028 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\browser" - {d7a661f8-9c11-4f86-8915-db7f025b8ba4} 2424 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2424.3.1864002097\1935342070" -childID 3 -isForBrowser -prefsHandle 3068 -prefMapHandle 3056 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\browser" - {dcebc980-0da8-4ff7-b72c-b6efc3c8e913} 2424 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2424.4.1031573555\2133884107" -childID 4 -isForBrowser -prefsHandle 3676 -prefMapHandle 3200 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\browser" - {8b85d2d7-e3f4-4cc9-8b2e-d131879dac04} 2424 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2424.5.785046870\831761235" -childID 5 -isForBrowser -prefsHandle 3220 -prefMapHandle 3216 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\browser" - {f4c5ba83-aaa7-4c06-89e1-7e7b6bfdafa2} 2424 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2424.6.967060476\785351539" -childID 6 -isForBrowser -prefsHandle 3996 -prefMapHandle 3992 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\browser" - {81c512af-56ac-4b39-aae9-465386949ab3} 2424 tab

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe" -contentproc --channel="2424.7.838463675\913070350" -childID 7 -isForBrowser -prefsHandle 4456 -prefMapHandle 4468 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\browser" - {0cdac601-9925-4581-86f3-428c580501ab} 2424 tab

Network

Country Destination Domain Proto
NL 45.83.5.242:9001 tcp
US 8.8.8.8:53 242.5.83.45.in-addr.arpa udp
DE 138.201.196.252:9993 tcp
US 8.8.8.8:53 252.196.201.138.in-addr.arpa udp
US 107.155.81.178:443 tcp
US 8.8.8.8:53 178.81.155.107.in-addr.arpa udp
N/A 127.0.0.1:50167 tcp
N/A 127.0.0.1:50171 tcp
N/A 127.0.0.1:50064 tcp
N/A 127.0.0.1:50064 tcp
N/A 127.0.0.1:50268 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50280 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:50064 tcp
N/A 127.0.0.1:50064 tcp
N/A 127.0.0.1:50064 tcp
N/A 127.0.0.1:50671 tcp
N/A 127.0.0.1:50679 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:50064 tcp
N/A 127.0.0.1:50064 tcp
N/A 127.0.0.1:50064 tcp
N/A 127.0.0.1:51036 tcp
N/A 127.0.0.1:51044 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50064 tcp
N/A 127.0.0.1:50064 tcp
N/A 127.0.0.1:50064 tcp
N/A 127.0.0.1:51316 tcp
N/A 127.0.0.1:51324 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50064 tcp
N/A 127.0.0.1:50064 tcp
N/A 127.0.0.1:50064 tcp
N/A 127.0.0.1:51636 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:51644 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50064 tcp
N/A 127.0.0.1:50064 tcp
N/A 127.0.0.1:50064 tcp
N/A 127.0.0.1:51938 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:51946 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI49482\python38.dll

MD5 26ba25d468a778d37f1a24f4514d9814
SHA1 b64fe169690557656ede3ae50d3c5a197fea6013
SHA256 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128
SHA512 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

C:\Users\Admin\AppData\Local\Temp\_MEI49482\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

\Users\Admin\AppData\Local\Temp\_MEI49482\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

\Users\Admin\AppData\Local\Temp\_MEI49482\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

\Users\Admin\AppData\Local\Temp\_MEI49482\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

\Users\Admin\AppData\Local\Temp\_MEI49482\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

\Users\Admin\AppData\Local\Temp\_MEI49482\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

C:\Users\Admin\AppData\Local\Temp\_MEI49482\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

\Users\Admin\AppData\Local\Temp\_MEI49482\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

\Users\Admin\AppData\Local\Temp\_MEI49482\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

\Users\Admin\AppData\Local\Temp\_MEI49482\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

\Users\Admin\AppData\Local\Temp\_MEI49482\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

\Users\Admin\AppData\Local\Temp\_MEI49482\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 47539d0337e97e22a728afc2638d461f
SHA1 d97b37079543b33b9b605c787945f809aed66fd6
SHA256 262e52c5bbaa9bcd2dfcb4cf7da83a1efa95ebd0299f82031ad31a6ab19405a5
SHA512 3810ebe80173d41785a42459fc5c4a8a31e56294f2c03fe99416925a34d242b88023565057201c9b6dcbdb97c8396d8305a723c0e31bb5b560b031b299672d4a

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI49482\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI49482\top-1m.csv

MD5 ba0857be5e9736dde1f5cc44edd5d21b
SHA1 b130759907909cc97bfe0d9a1fd65b8942c931aa
SHA256 7800cdef850c31931b2b520a42f858c4feb5ca86d6b3789e6173a02e909595ca
SHA512 08446902bc588e323b8fc551502ff869be6c2bb64f788d1bebfcc30a04c3e589b0616e84fc55de3d81d7b19b26e690024a442e6a27096808bc613bcecf3f6db4

C:\Users\Admin\AppData\Local\Temp\_MEI49482\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI49482\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI49482\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI49482\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI49482\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI49482\geckodriver.exe

MD5 f60c542253cbe94f762e15c7b064b55d
SHA1 7a32f034217266db6d799893edc976e891a82944
SHA256 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa
SHA512 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca

\Users\Admin\AppData\Local\Temp\_MEI49482\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

C:\Users\Admin\AppData\Local\Temp\_MEI49482\Tor Browser\Browser\firefox.exe

MD5 65aa9b0f57d72e4d70e9226322221adc
SHA1 85fec174d0977afd8c0100c9d9b53c958e1949bf
SHA256 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410
SHA512 f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 80e882ce8268212cf4db9fbe44f95336
SHA1 85abc152168a20d8db2c6501aa43a97ea72efc8c
SHA256 32c7fa19bdf922f35368bbda1fd91b30fae89f7e8615c8224901e4e3454ee937
SHA512 eb6fc2086c0c5b1e2207c675e49713961246559ade42f65f5e1d51e6139e503eacceaa57542664f7161dc320df0403d90bc85e499aa2d0f09c4a3d4236920cd5

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileIuyWWW\prefs-1.js

MD5 6184cd6429993c9de17130cd8939a25b
SHA1 cb206032b463e7442335ffd73428334bc96ec548
SHA256 908fc29d8c4a2f6144b5d58a00b0d48fe9f5f5842894aabf29cec00f383b6afa
SHA512 13cf48cf955a676734bd8a25663cb9a280a5af3577f7cbef9b026e6880b52403630d552bef063c13d0e2a948b4ac65bf2dd1d2199a500f6b09ada995bf5ac77a

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileIuyWWW\extensions.json

MD5 216ede45e4434254034420ffa46f60fe
SHA1 f1e15a8a664db72a3b378843187061a691b22cb1
SHA256 11899c3818d673237085bf00d7f1ed7c2fbfb6542d8ad689ea492550b24dc200
SHA512 20d05cc04835bb54dd0a0c41fc26e3c002039a923d373a27262b50f81aa37876eb4c324a5674bd2a9d9595b326235c00ac9b1c299969d81ffa5525e9cf27113d

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileIuyWWW\prefs.js

MD5 832708086d299907e2f74399329be24d
SHA1 ce7da8dfe77e78dd9b7571f25ca456cfc178e9f8
SHA256 1dc6affa7e5899f1273bbc13ea149b31bf8ec930961a09648f9ed4ccab20b9a5
SHA512 344562099888f59c9e5c858044d57a310d14fc01b54de5d07a16bdee83d8bb1f8d55ff303a80bcb1e28d983a5bface9d82935d731430980e8e912a33443f6387

memory/1896-561-0x000001FCADDD0000-0x000001FCADDE0000-memory.dmp

memory/1896-592-0x000001FCA24E0000-0x000001FCA2650000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileIuyWWW\prefs-1.js

MD5 2a98ace081fbab085f53cf5b2c617b26
SHA1 e896314387283cb17db7f2aacf0ebcc60ac8a3b4
SHA256 cd126b1a93d3b396667ebf14aeb3ad27a38bf5f57e3f1b7d95c647abf65c2b85
SHA512 e65dd050883c9b70df448c9412550dbc934c94dcdf562d41188bf34f499c7fafa0714c17179b601d74690f41c18c259f75920a15fb2db99eeada727faa0143eb

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 779f892e5f93e3ea5cc04360e1e4a225
SHA1 2b56055f871060179ba3b5f5d9453fac1f578075
SHA256 59a108121a0252e55388243856a1a480856e7ec2d8554e005573541e383aea4f
SHA512 798bb9acdbff21756ec45671453c135f02550f9b1ab92564c252e97f3c342350580daf0e976e0ca948ebb1e37bf11c5c6af2baaccc4c573990e3ba64e5eabc57

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileIuyWWW\prefs-1.js

MD5 a52c624c7b2652d9409f5783e19de081
SHA1 98bdbd00b089e9147f0862e47e061396cf515a93
SHA256 16bee6001693d5db6a9a35481f877488aa618c71cea1142e08444b41c2b6b66a
SHA512 0147fdd1e92a5b889753bf059d95c09b223e16f3a8627ccf53c57541013e598bc99e9894514d58dc04e3b1820bca7b0f464a22492797e113bff1b502a9f11ddf

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileIuyWWW\prefs-1.js

MD5 db949a1f26f8755e28ab4b2725b879f2
SHA1 a85100b3c346aed9f01a3c6ac21204d5e35b6cef
SHA256 f391c8eb242eb2addc83b347937b775bf950e3446a6926a9fdce3b373c4e4abd
SHA512 5c4e618e49064f1884361529674b2a33ce9b15c65b1f914b09121410499849c4914cf037c24014b4fbad13b726c73db828395976f81d9e07b4d36c0c503bb7ca

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFBWyyj\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFBWyyj\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFBWyyj\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

memory/2388-888-0x000001F62DC80000-0x000001F62DC90000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFBWyyj\prefs.js

MD5 92ad3ec43908f13e698a6e1c7b5be059
SHA1 120942ed9ec7ba97f8f3fb7242f6b64f3c9e9624
SHA256 ee81eb86e0f75285889250dd2a2d6587455e984a469589936878f0b0b5a30d19
SHA512 351f0624d846a5192c1cd6418754cf11b00fbf2214e0c6f0634cea86d79c02a8f643f325a5d730d64c238526a47d5a0493ee7a69a8c1ea23b58e5b78bfc1eac2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFBWyyj\startupCache\webext.sc.lz4

MD5 86627baa70d9cfe37d7c3ec075f8db15
SHA1 ce9b04817740b83df8e020ebec6cd5ae233f17cf
SHA256 5718785a4e2fbc699135d41fb0707f5cb515df344ce5c2337eb1d98190e98de1
SHA512 74220ff62f8f0de01ccb43f1a87058cf7bd613324a9c87d15121a49576effecf4dd2d8f313bfa67bcec58978088a79d079ffa3d37c34cef32cddc21faf4098f4

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFBWyyj\prefs.js

MD5 50b538c5d6b9c6a4113159110e776eb2
SHA1 8c0e0e77ba42120ebd737aedbe55441147de069e
SHA256 798156fe8b0b2636bffda6f439ea1797cee1a3851baeff730f531154435d7436
SHA512 52c340c76e5777481a8a7923b7c44aaf953ec82f7c370b23f629e76f038fbbb628e76d0ae72a2f3035eca6843cff286acfcfb8ba8a9c049e2a029b6597b52a30

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFBWyyj\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFBWyyj\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFBWyyj\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFBWyyj\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFBWyyj\sessionCheckpoints.json.tmp

MD5 29ce37dc02c78bbe2e5284d350fae004
SHA1 bab97d5908ea6592aef6b46cee1ded6f34693fa2
SHA256 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693
SHA512 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFBWyyj\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezBUcSp\user.js

MD5 c12c9f2051ec5c382b2a9dd030d2d188
SHA1 242b06ad1e61ec39c133b3d01daac00c8347df59
SHA256 cc20e30fe3e536df77dde49d370eea21da567da71a78ee041d0901966960ab6d
SHA512 adf5f6967126defd34780dc2c5c98dc1fdff2d6ef3e218d98acd79873ebe7c0c8077ff1e984ebcc8a16f172e03cb684f9ebdf1c7e7b833f75f536525c7d413da

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezBUcSp\prefs.js

MD5 dfa33dee4e5def5ec8cb2471641616cd
SHA1 bd8f8829684b01d9ca6d1762e9d7c80e2956d8f2
SHA256 30d5194f6102c044fac13dafae0399c11a1f8b54b764291b4a9306bcc84b5eda
SHA512 8c5a6191e2efd154f727610a6da3d404342f78d38e4c291a4c7e4bf00778736c45fb7db4852770a0edd1d63a0dbfe8ac57a8fe8c8c6e6e1de3a4d30de849eaa1

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezBUcSp\prefs-1.js

MD5 2b3d7bea91b11071ebc65e58a5ae79ad
SHA1 e6de602e7ce01ac4e0bbb1cc780b0928ad1c5ee7
SHA256 22e372026326e1a7a8f37b4df7f130cf1778b9abe4199ffa2b4188a126c9b514
SHA512 9e0c55a8ca540060e30c4e79c5a2359518290b431a3f207313f995b2db78acf4ce9dc8cc98fc1843ff74690f23b80e0d93832b604b8c6aa0b705d06d1f64678e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezBUcSp\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilezBUcSp\datareporting\glean\db\data.safe.tmp

MD5 c58234a092f9d899f0a623e28a4ab9db
SHA1 7398261b70453661c8b84df12e2bde7cbc07474b
SHA256 eaec709a98b57cd9c054a205f9bfa76c7424db2845c077822804f31e16ac134c
SHA512 ae2724fc45a8d9d26e43d86bcc7e20f398d8ab4e251e89550087ace1311c4d2571392f2f0bed78da211fcb28766779c1853b80742faa69f722b2c44c283569fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecX9OtS\datareporting\glean\db\data.safe.tmp

MD5 7d3d11283370585b060d50a12715851a
SHA1 3a05d9b7daa2d377d95e7a5f3e8e7a8f705938e3
SHA256 86bff840e1bec67b7c91f97f4d37e3a638c5fdc7b56aae210b01745f292347b9
SHA512 a185a956e7105ad5a903d5d0e780df9421cf7b84ef1f83f7e9f3ab81bf683b440f23e55df4bbd52d60e89af467b5fc949bf1faa7810c523b98c7c2361fde010e

memory/4048-1432-0x0000022005CF0000-0x0000022005D00000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecX9OtS\addonStartup.json.lz4

MD5 f6766efc6d47022058b9585a778bd9a7
SHA1 aae8618d3eb1408cab33809d88154d66957d976f
SHA256 409a962ef92352f2b9bda55ff123919a6e667d451fc86b690b5b975f27fb6082
SHA512 34def1d884b81ffd3f11257615eba7d4851173e8dd6d1950687d0980c9a6f99960402f3f3d6681f053b6fc12081c551cf921d86bc0d5362ae207441a4329a079

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecX9OtS\prefs.js

MD5 2af096f17ff73d2f76a1c37bd718e0f8
SHA1 ea04cdb4af5b9f79d42a00fe4b5507343aa94eb9
SHA256 d7c875299da3a6aff61debb8fa1a3b28a20aba01860766414a7a2f452f732de7
SHA512 4ea794f7bb37103db22766dca942b0071a3c1377d228b806fac4e3a257f79ae1dbd4e3da265cc21f7c32162a7c8212f6232b8878ec1fc155754baf30c9e73597

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecX9OtS\prefs.js

MD5 89138ad13ae4ea6fb502c4913b60e366
SHA1 92c172a3bfca8d9ba97c213dcc749fc6f848d21a
SHA256 f3a9ae55a52ba010e1224fa488dfdf99bd297475f4f6ec1682acd607054cba0c
SHA512 6d3f15f2995e849b846ea51589d0db8ccd4ab0245b144089beab7cb03ddb91226198dc9d1236b1a6cedc0bfef95a0ddc451da46cf7e7c0fc714e34145a9c04a5

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilecX9OtS\prefs-1.js

MD5 e8b3f7e55cff899f8365d67b254b6bd8
SHA1 292371957806feafebda18c0e111f75841347cae
SHA256 7eec31beb88ee6e41d7a6f6a9f99bcdecb59f52ee23e99c08ef089ae52ea659b
SHA512 e4e5b9fafc2f15afcd7513f24559f7c9ab8922f4806ca69b4217ba53625f255d40905fb70c8c9bb20e6b4850a13b7198278a162bdb72553cd90b21072e138b61

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileUzg7iK\compatibility.ini

MD5 47273dcc695a0c373577e01e9c9d6cef
SHA1 8cb6eb1b87f53c25e8f2dcdeb3f04a52a4aa24b3
SHA256 86cda73c53b60085d4549727323f9bc636d5d1d7896b1a9ec4698091c1004907
SHA512 28e69211fde009cfa2c899a38f05d5a1ef131ad9363bdc2b20e7a7e03f31f6ee308d4049cc254264a11be795f4c69a212a425cb6dfe08e0c7c882a7e357ee646

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileUzg7iK\WebDriverBiDiServer.json

MD5 628d0e666782bf1f88191a6050c423ed
SHA1 04995308565c1bee8602cc1844cd8c4e4c92d1f3
SHA256 00eeb942d821e5fc9d8661a9879806019d5ce716824d2d80be4fbeb1a4962756
SHA512 060a966998af3717de5bd552d92799e8a7c81832c1ea2400c8ea693d98124851123d0051ea25caca63caa4afd4966efacaf4b7fd8f018c1a81af773924e7bf0f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileUzg7iK\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 41225006854a22e4bac99e794e8f88ff
SHA1 291919a7a773f078b91762198012eeb8bb8e1608
SHA256 c83b27930f4f020a203e233654fc6491b43d0168e61a4ea14a086488c780f36a
SHA512 b2cfd63b5e12aa7e458b84de08bdb23d397029a2024088b00e44e8cee452eea0598c3d1d13d33c2970b08e9e95ba41691f9eed2f1aad387bdd569c9387fa930a

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileUzg7iK\prefs-1.js

MD5 cfa898f18ea366e623a3c0c99aa640b0
SHA1 b4f7ccc7bc54fa14033abad2e20c891439d0eb58
SHA256 6887d451548af130036bb1d05c50c8a08d43b93b77e2bef0cfad61d8a2aee2d8
SHA512 b4968f038ff2babe9d324d7515b2749b48262325d6b336e6b47e15a8da97f1955c90e94dd9b3133dcc9e8fcfc4a40dd9ce32f12b02a5fef20194b2677199e369

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileUzg7iK\storage-sync-v2.sqlite

MD5 bff4d6361e4126d963ab7dffdc7550ce
SHA1 e2660c2f00b0aef4a81972c6a6093935d5aa40d5
SHA256 ad0828e5ff9d4188151772cd9af85827a431d122901486590c5734b62b4af2d2
SHA512 8d967c085d343d50a76cf14e88ed2fb742a7195034ddbaacd57d2c47abf0218a5f6878528a8f37c8f3b61496f61b5e254d205003af87a3cf156ba12ea59f65bc

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileUzg7iK\content-prefs.sqlite

MD5 b15425d1f21f5708184e35493e63c8a1
SHA1 e944c1fdf56a3f6a5150b77980e89d48c7b57be2
SHA256 7a9012d1846763fe9dcb059035972a023ec29f2b9c03f865f0a6f6df6ef2a6c0
SHA512 6b54e30e0a060261bdac98ef818d1053fbabf0d6b8a17efc729942729ed6e6dddb29063b079ddb1dcd1b4edfc85a0311cf821b4b3291372c834a00733456423f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile0CIEgp\addonStartup.json.lz4

MD5 8fe2d792706c067419afb2b4b8d93ecd
SHA1 0aa5de6fa0fbaddcf520a03824c181d16dea21b5
SHA256 37184275b63f4e3a465dd4bd28b81cfb6f54261e5d9681fa1dd8ecc8e1e80672
SHA512 a4b76048ed24db8ace1e9c35850c5906311d80c07fb4a9685df8de1546a4d03c1682d750168396df2e06f7f56fab35651886b0b6703f67ae6d0f4630a07ebd2d

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile0CIEgp\prefs.js

MD5 103b53ff472025f64684b63f6fa747dd
SHA1 c9bd328c964777a88b98fcb29bf55ad7c17c920b
SHA256 86f55c376ca84f3e14748d984776ac2fcdda998bdb73a50b88d4cbd6aaabd084
SHA512 b32ae1c4c24f8f80df3c5f7d831b187233ffbec64aabc4b14ef8ce28e438d9cd7a6b4dfce2e0ad9b4d3bcbb07d80c0254cc5b719ffd913f0ff3b08ec50b024db

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile0CIEgp\prefs.js

MD5 69dbb9c4464512050aa8c5b9b02788b0
SHA1 947becbbfebdb9af224ebd159bf3ccd3ce9806e8
SHA256 e111fb60a536032632cb035468d82168e01fd163d2e78c85de3414f164b4326f
SHA512 c5ab1dda4b43262ae4b120df1da03f5a92fa9bc4b245e706df04a3b08d71b6ec0822522ae0ea96ee07c3822df04be88fa6dab0e5a51e54653d03b1c1a445ffd0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile0CIEgp\prefs-1.js

MD5 db8a3f67593eb741c11aabdaac0cae9b
SHA1 9928b40ac2d7c69860bbcd7a750ab6e694705293
SHA256 028dd42e09dddc13461ad949d15d8670fa5842ff7536807e17e0759444f9a8ce
SHA512 1d85dbaf8784266b840b78c67851704a0627b3d39a10b1ac79eaba714a5c7d9c5498a81f96a4b755b28dca450667ee55f27478de637050272462b3cbb61eda71

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-09 01:55

Reported

2024-05-09 02:08

Platform

win7-20240419-en

Max time kernel

300s

Max time network

309s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\geckodriver.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\geckodriver.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2424 wrote to memory of 2148 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 2424 wrote to memory of 2148 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 2424 wrote to memory of 2148 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 2148 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 2148 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 2148 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 2148 wrote to memory of 1744 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 2148 wrote to memory of 1744 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 2148 wrote to memory of 1744 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 2036 wrote to memory of 844 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 2036 wrote to memory of 844 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 2036 wrote to memory of 844 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 2148 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\geckodriver.exe
PID 2148 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\geckodriver.exe
PID 2148 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\geckodriver.exe
PID 3044 wrote to memory of 3056 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe
PID 3044 wrote to memory of 3056 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe
PID 3044 wrote to memory of 3056 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe
PID 3056 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe
PID 3056 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe
PID 3056 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe
PID 3056 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe
PID 3056 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe
PID 3056 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe
PID 3056 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe
PID 3056 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe
PID 3056 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe
PID 3056 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe
PID 3056 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe
PID 3056 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe
PID 2568 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe
PID 2568 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe
PID 2568 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe
PID 2568 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe
PID 2568 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe
PID 2568 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe
PID 2568 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe
PID 2568 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe
PID 2568 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe
PID 2568 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe
PID 2568 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe
PID 2568 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe
PID 2568 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe
PID 2568 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe
PID 2568 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe
PID 2568 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe
PID 2568 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe
PID 2568 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe
PID 2568 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe
PID 2568 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe
PID 2568 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe
PID 2568 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe
PID 2568 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe
PID 2568 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe
PID 2568 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe
PID 2568 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe
PID 2568 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe
PID 2568 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe
PID 2568 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe
PID 2568 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe
PID 2568 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe
PID 2568 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe
PID 2568 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe
PID 2568 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI24242\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI24242\geckodriver.exe --port 49465 --websocket-port 49466

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileD8cJl1

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileD8cJl1

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2568.0.616276116\975334591" -parentBuildID 20240416150000 -prefsHandle 1220 -prefMapHandle 1212 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\browser" - {bfc99ee7-ab62-4a24-b22d-7c0cfd8b1b10} 2568 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2568.1.2131751359\1165454568" -childID 1 -isForBrowser -prefsHandle 2024 -prefMapHandle 1876 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 908 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\browser" - {3fd647a4-32d4-4d4d-8a43-25a53bfaeed4} 2568 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2568.2.1512804730\1118962457" -childID 2 -isForBrowser -prefsHandle 2296 -prefMapHandle 2292 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 908 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\browser" - {d473fcdf-7b5a-48b2-af30-de687b1124da} 2568 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2568.3.1414886182\1711871199" -childID 3 -isForBrowser -prefsHandle 2320 -prefMapHandle 2316 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 908 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\browser" - {e423cb05-6044-45d3-8bfb-8b35d915feda} 2568 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2568.4.1442944318\1381487292" -childID 4 -isForBrowser -prefsHandle 2756 -prefMapHandle 2748 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 908 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\browser" - {a27d693b-381f-4f1b-8751-77bd12415029} 2568 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2568.5.2101632319\1660337504" -childID 5 -isForBrowser -prefsHandle 2920 -prefMapHandle 2924 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 908 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\browser" - {85b577f3-c325-449b-930c-0a7f1540d9b1} 2568 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2568.6.1899353679\793380469" -childID 6 -isForBrowser -prefsHandle 3080 -prefMapHandle 3084 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 908 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\browser" - {6a0249f7-42b6-42d1-9508-66e30847700a} 2568 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2568.7.156003329\93755284" -childID 7 -isForBrowser -prefsHandle 3240 -prefMapHandle 740 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 908 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\browser" - {a376417a-28ac-41a3-8212-9df45efc9863} 2568 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24242\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI24242\geckodriver.exe --port 49465 --websocket-port 49466

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehI3YiE

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehI3YiE

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2516.0.55962078\568263861" -parentBuildID 20240416150000 -prefsHandle 1248 -prefMapHandle 1228 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\browser" - {65f20263-b745-481d-bb2a-d0bcb21f5edd} 2516 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2516.1.302509667\276166272" -childID 1 -isForBrowser -prefsHandle 2324 -prefMapHandle 2264 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 800 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\browser" - {bb2a3163-169d-4867-ba8b-f1656cf3ceb4} 2516 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2516.2.575767056\479617289" -childID 2 -isForBrowser -prefsHandle 1792 -prefMapHandle 1752 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 800 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\browser" - {f8c31219-8e46-4b74-a60d-ddd37937bd11} 2516 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2516.3.748085331\1280145858" -childID 3 -isForBrowser -prefsHandle 1996 -prefMapHandle 1652 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 800 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\browser" - {079644f6-fc13-4bb6-a64c-70e5528e86ff} 2516 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2516.4.1981281896\1876021068" -childID 4 -isForBrowser -prefsHandle 2800 -prefMapHandle 2796 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 800 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\browser" - {a6ed008f-b5a0-45bb-b705-43f4ad75e621} 2516 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2516.5.1204716629\780142703" -childID 5 -isForBrowser -prefsHandle 2916 -prefMapHandle 2920 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 800 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\browser" - {f7d10a9c-0d72-407f-8b8d-dce9c31f4e18} 2516 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2516.6.236990174\1108391102" -childID 6 -isForBrowser -prefsHandle 3076 -prefMapHandle 3080 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 800 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\browser" - {1883034e-f044-4395-8b9e-1cd7beb079c8} 2516 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2516.7.1538807404\1687891869" -childID 7 -isForBrowser -prefsHandle 3456 -prefMapHandle 3460 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 800 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\browser" - {3d970321-5e79-4b00-bb02-88b7d989ee32} 2516 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24242\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI24242\geckodriver.exe --port 49465 --websocket-port 49466

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHhhPvV

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHhhPvV

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2740.0.21056503\1566229659" -parentBuildID 20240416150000 -prefsHandle 1216 -prefMapHandle 1208 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\browser" - {cf584ce9-2be1-461a-8010-377a65b9613f} 2740 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2740.1.376900784\405011068" -childID 1 -isForBrowser -prefsHandle 1664 -prefMapHandle 2176 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 832 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\browser" - {c472504c-f093-45a6-b437-ca1f54b4e737} 2740 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2740.2.628328219\1893971420" -childID 2 -isForBrowser -prefsHandle 1880 -prefMapHandle 2208 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 832 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\browser" - {b68ce28d-02d4-4286-877e-959691e68564} 2740 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2740.3.2082006987\421976542" -childID 3 -isForBrowser -prefsHandle 2748 -prefMapHandle 2216 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 832 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\browser" - {827a4ddb-803c-4f0e-a47d-154f05ca240f} 2740 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2740.4.1397599909\12310426" -childID 4 -isForBrowser -prefsHandle 2768 -prefMapHandle 2764 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 832 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\browser" - {f7247811-8063-4b86-aad3-fd67d13fca4f} 2740 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2740.5.1625328548\886919924" -childID 5 -isForBrowser -prefsHandle 2892 -prefMapHandle 2896 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 832 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\browser" - {de5f136c-bd40-468b-9879-fd3ce33d6d69} 2740 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2740.6.996182262\1367175392" -childID 6 -isForBrowser -prefsHandle 3048 -prefMapHandle 3052 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 832 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\browser" - {214c6553-247c-4f9d-ab2f-e41959036f94} 2740 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24242\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI24242\geckodriver.exe --port 49465 --websocket-port 49466

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFxYNMz

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFxYNMz

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2284.0.1855913298\1111190313" -parentBuildID 20240416150000 -prefsHandle 1212 -prefMapHandle 1204 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\browser" - {11f8c95a-fbf7-4969-bbcc-2af71170593c} 2284 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2284.1.1421762636\55710596" -childID 1 -isForBrowser -prefsHandle 1884 -prefMapHandle 884 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 876 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\browser" - {a758358c-944e-40ec-8030-20612f3505ca} 2284 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2284.2.494230755\818150935" -childID 2 -isForBrowser -prefsHandle 2144 -prefMapHandle 1800 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 876 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\browser" - {1887b629-3a85-4c5e-abc5-b2be1945bb9b} 2284 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2284.3.1058640745\1520143295" -childID 3 -isForBrowser -prefsHandle 2668 -prefMapHandle 2224 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 876 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\browser" - {fd7d1e27-a1b7-4afa-9f61-7d4c1eac8f58} 2284 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2284.4.1825153682\668693805" -childID 4 -isForBrowser -prefsHandle 2816 -prefMapHandle 2824 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 876 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\browser" - {57ab2424-226f-4e86-8ddb-f5ef5becf181} 2284 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2284.5.824188507\469990565" -childID 5 -isForBrowser -prefsHandle 2920 -prefMapHandle 2924 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 876 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\browser" - {f75d5c93-990b-4f75-bf6d-4eec2d19855a} 2284 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2284.6.634778280\1027215944" -childID 6 -isForBrowser -prefsHandle 3024 -prefMapHandle 3028 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 876 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\browser" - {9df30a6d-e6dd-4c3d-9a6f-c800d8c4be40} 2284 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24242\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI24242\geckodriver.exe --port 49465 --websocket-port 49466

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileI5vBcZ

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49466 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileI5vBcZ

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2216.0.1262415748\1159407334" -parentBuildID 20240416150000 -prefsHandle 1212 -prefMapHandle 1204 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\browser" - {73cc8000-a79b-44ee-a1cc-f6b5c514333b} 2216 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2216.1.247267959\1460911060" -childID 1 -isForBrowser -prefsHandle 948 -prefMapHandle 1956 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\browser" - {5a789c91-9ac3-4e75-a6b0-51c9feb40b18} 2216 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2216.2.994064166\186732578" -childID 2 -isForBrowser -prefsHandle 1680 -prefMapHandle 1784 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\browser" - {bfe88df1-30eb-439b-9913-28fc6552a4ea} 2216 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2216.3.1856371068\563041137" -childID 3 -isForBrowser -prefsHandle 2424 -prefMapHandle 2332 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\browser" - {a1b6d2c0-6645-414f-84f1-8bc650211966} 2216 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2216.4.2139667673\1321914228" -childID 4 -isForBrowser -prefsHandle 1084 -prefMapHandle 1080 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\browser" - {32f7332f-77d0-4e00-90e6-3476bfaeff03} 2216 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2216.5.86819363\566829035" -childID 5 -isForBrowser -prefsHandle 2908 -prefMapHandle 2912 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\browser" - {ba85f246-12e2-41f9-80c5-f858e2d8730a} 2216 tab

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2216.6.794669175\1364392835" -childID 6 -isForBrowser -prefsHandle 2968 -prefMapHandle 2976 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 880 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\browser" - {4777c612-7f22-40f1-9e7d-ed9de830c934} 2216 tab

Network

Country Destination Domain Proto
US 74.123.98.10:443 tcp
PL 185.241.208.202:9200 tcp
N/A 127.0.0.1:49569 tcp
N/A 127.0.0.1:49571 tcp
N/A 127.0.0.1:49465 tcp
N/A 127.0.0.1:49465 tcp
N/A 127.0.0.1:49662 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:49697 tcp
US 15.204.140.9:8443 tcp
PL 94.72.118.116:6666 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:49465 tcp
N/A 127.0.0.1:49465 tcp
N/A 127.0.0.1:49465 tcp
N/A 127.0.0.1:50231 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50266 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:49465 tcp
N/A 127.0.0.1:49465 tcp
N/A 127.0.0.1:49465 tcp
N/A 127.0.0.1:50727 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50762 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:49465 tcp
N/A 127.0.0.1:49465 tcp
N/A 127.0.0.1:49465 tcp
N/A 127.0.0.1:51210 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:51245 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:49465 tcp
N/A 127.0.0.1:49465 tcp
N/A 127.0.0.1:49465 tcp
N/A 127.0.0.1:51689 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:51724 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI24242\python38.dll

MD5 26ba25d468a778d37f1a24f4514d9814
SHA1 b64fe169690557656ede3ae50d3c5a197fea6013
SHA256 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128
SHA512 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

C:\Users\Admin\AppData\Local\Temp\_MEI24242\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\_MEI24242\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

C:\Users\Admin\AppData\Local\Temp\_MEI24242\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

C:\Users\Admin\AppData\Local\Temp\_MEI24242\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

\Users\Admin\AppData\Local\Temp\_MEI24242\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

C:\Users\Admin\AppData\Local\Temp\_MEI24242\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

C:\Users\Admin\AppData\Local\Temp\_MEI24242\geckodriver.exe

MD5 f60c542253cbe94f762e15c7b064b55d
SHA1 7a32f034217266db6d799893edc976e891a82944
SHA256 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa
SHA512 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca

C:\Users\Admin\AppData\Local\Temp\_MEI24242\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

C:\Users\Admin\AppData\Local\Temp\_MEI24242\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI24242\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI24242\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI24242\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI24242\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

C:\Users\Admin\AppData\Local\Temp\_MEI24242\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

C:\Users\Admin\AppData\Local\Temp\_MEI24242\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI24242\top-1m.csv

MD5 ba0857be5e9736dde1f5cc44edd5d21b
SHA1 b130759907909cc97bfe0d9a1fd65b8942c931aa
SHA256 7800cdef850c31931b2b520a42f858c4feb5ca86d6b3789e6173a02e909595ca
SHA512 08446902bc588e323b8fc551502ff869be6c2bb64f788d1bebfcc30a04c3e589b0616e84fc55de3d81d7b19b26e690024a442e6a27096808bc613bcecf3f6db4

C:\Users\Admin\AppData\Local\Temp\_MEI24242\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

C:\Users\Admin\AppData\Local\Temp\_MEI24242\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

\Users\Admin\AppData\Local\Temp\_MEI24242\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

C:\Users\Admin\AppData\Local\Temp\_MEI24242\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

C:\Users\Admin\AppData\Local\Temp\_MEI24242\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 47539d0337e97e22a728afc2638d461f
SHA1 d97b37079543b33b9b605c787945f809aed66fd6
SHA256 262e52c5bbaa9bcd2dfcb4cf7da83a1efa95ebd0299f82031ad31a6ab19405a5
SHA512 3810ebe80173d41785a42459fc5c4a8a31e56294f2c03fe99416925a34d242b88023565057201c9b6dcbdb97c8396d8305a723c0e31bb5b560b031b299672d4a

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI24242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileD8cJl1\extensions.json

MD5 028fcfdc4f6a1f10da07e17fe5e17398
SHA1 914ccb8808b0e98e99b219bb55dd9aaefc99aa03
SHA256 984acfe3ac43c62f4491f207e11ca32cb5c27609b83a97a00a0c5447c03e9372
SHA512 e68d6fc496815d2d0a6986801fec394ab773b62d4b2082ca120466eb49ea1e4c86170786210c30d0a4007501c6cd6378565d273f4df1b7e031e8385611c650f8

memory/2568-694-0x000000000A990000-0x000000000A9A0000-memory.dmp

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 80e882ce8268212cf4db9fbe44f95336
SHA1 85abc152168a20d8db2c6501aa43a97ea72efc8c
SHA256 32c7fa19bdf922f35368bbda1fd91b30fae89f7e8615c8224901e4e3454ee937
SHA512 eb6fc2086c0c5b1e2207c675e49713961246559ade42f65f5e1d51e6139e503eacceaa57542664f7161dc320df0403d90bc85e499aa2d0f09c4a3d4236920cd5

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 aeb184d3be6403994d1af57bcd7125ec
SHA1 a5d1ca2a9cc99905264456cc649ba36a683b8fc4
SHA256 014c0e83babaf796ffe524a39d8ff95988c9c110241bb1b9ecd2640b0e566e11
SHA512 8e3684c0003ab1419f9731cb0709f34e74d5aceb5d5a403dfa4bb025fdd907f4d66d54e0e2e03512084d6f0b54913c94e2961d7c9029d809a96b35dea7b8445f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileD8cJl1\prefs-1.js

MD5 da004d724dc188d1053b5aa159380f35
SHA1 2334c55fd7834646a73b4589e14eddaed54f6559
SHA256 c05f0276d8669adc2c2eccef6a353aeac19e22e977eb233c5010e5c75ec8a193
SHA512 773b0a4959ce0ed88ccc3b72d553a0409e5442b1177760a5f01d4839fbd71dbede55ba401fd572baf4d8d031a82a6d3c3bb76f02c39197107885521c5855bb50

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileD8cJl1\prefs-1.js

MD5 29d6ecc6a73b6958ece77aa950140844
SHA1 f4a727931b2c3eecb1f656d79c56d900c5150a15
SHA256 dfdc476559b7e200a3f86987e9d80d02e036cb6f95e14c68af212093b5b335d7
SHA512 22a9d20afce7ef087e2a79b7f5ec1cf7b706d9540486bb16e942d5ce8a98bd59908994aaa2edb5a37f01ac07ba036d1c9f90c85a0e3dbbf94ad94581bfe39055

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehI3YiE\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehI3YiE\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehI3YiE\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehI3YiE\startupCache\webext.sc.lz4

MD5 3f48e7b5c2bf26f114353f20be3c8f82
SHA1 1a3f6b008dfd698a4cabab8f5045b36dd0ead924
SHA256 b130dbd1760170b6643373c32fc29d847ef9e3fa7cc99d667c2efa3ebe5ce8c6
SHA512 c11d8fa838794c179f3d11239a0945b430f24f4d7eade89925931cf7527ce225f0c8d8ac7148d6a926cdb9c6331270c6fe307ff6686a9e6179566bf63b091513

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehI3YiE\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehI3YiE\prefs-1.js

MD5 c19bbbb0a2a2fac80dee5a86e88fb787
SHA1 a520c8dce00121eb2859988bf22b05a40b8aafa7
SHA256 cf8966f24ad76abb92960473f0ceca05f278356c355ad8b06f92cbabee3a1583
SHA512 4e4f0296b45125c7be0191d43d6a0a34165058797225867b2b67cb9217e9dd70bf88b4878eafe3f9f981baade4be311fa3266573af31df73702f0b38dbd698df

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehI3YiE\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehI3YiE\sessionCheckpoints.json.tmp

MD5 29ce37dc02c78bbe2e5284d350fae004
SHA1 bab97d5908ea6592aef6b46cee1ded6f34693fa2
SHA256 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693
SHA512 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehI3YiE\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehI3YiE\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHhhPvV\user.js

MD5 30ba9b970501aade2e9fe52196b0c015
SHA1 23310439c0d8d036c70134f1492906b01be5c81a
SHA256 67da0e74ef24e26b5758fd944a4da47f6f85c474f5691e74ea4934473103daae
SHA512 c589512cea732f05fe1647ad874c57587e9258d67f3284a3ce07e24d38c1d6d62cf99894166f9562e82287998d057e629718cd2bda88593e3332d4bafd87a394

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHhhPvV\prefs-1.js

MD5 4f6b73dcb1a2b030134239eddaefb4c1
SHA1 1cc3c0383bf337aa1a969cbcf1e502a5439a8749
SHA256 999d955edbdea01c4c5187e0c0b230440d95114680279cd69866840f0d5342af
SHA512 560997656f73a46df2e66149ae6c33cbad76e7c8eaa95714d5e122701ba9c8f0fafc709fd43109dbb6b746d377238ddd1cd523203d81902920c64e77d29e34fc

memory/2740-1670-0x0000000007360000-0x0000000007370000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHhhPvV\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHhhPvV\prefs.js

MD5 2787800f9d0119753fd5b695b91203ed
SHA1 79b1cd941712c9bae2663b805c5489f94f043c7a
SHA256 148daaa03435e92b27e57860ef84ba91517c353880c109c4e4dddeccf6b19ba9
SHA512 a256d8e10bd26a9b74ed0f58baa48dc81aedc7f858eba95dbcc8b782e48542633766b3df989892ec0932c9919ca32efe3197b06cc91ba4e4b49a7ba99b18375a

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHhhPvV\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHhhPvV\prefs-1.js

MD5 4e8e7fb19827f6dc946e36a4f4b520e8
SHA1 3320b2b6f224fa4150567465acc961830543d842
SHA256 448906efa745e16198f7721fcc3b1e5b13c0aea904decb09918ddda76cda495c
SHA512 9c7c0fef28aa5f02cdb91c5325b01bfe6263e1f8c95e33e09e345718a6b02947479eef16269d82d6743ecf82624f5647c75d715d6ebcb69c3e1ba13dfbc740cc

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFxYNMz\prefs-1.js

MD5 1d6db9d895a04044c26561da8371f8c7
SHA1 c1a4140e7cf321ab4e1ef9dbb6543acc66bfc9d1
SHA256 ecf46ea07d7574007c411ea95cef8544e678831bd4749f811ab2e8f3d79072be
SHA512 6ca116b7915aa873b5e7e26d1c91faeebc73c13e8e2b2c0194c32d094d689cfd392619790b8446fcf04deec3d8ca8db374b432b754f30d5775e76015f8584f33

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFxYNMz\prefs-1.js

MD5 52d4e80445453442df2ebd1765278669
SHA1 1b44f2e112332df121439ddf38aec48bc5199393
SHA256 5ff7320588d9c2b0578d86f4ed9c47bc6b797697bab31947b54901413cd5258c
SHA512 267b7439653fc45dcad38c70944785741e84f3e74a82b47e137b0e9f74b1fd2921f43354d4982c5cb7646f654f7079f4ed9f66c37949f4bfe8f87d4a5b87b3b1

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileFxYNMz\datareporting\glean\db\data.safe.tmp

MD5 c58234a092f9d899f0a623e28a4ab9db
SHA1 7398261b70453661c8b84df12e2bde7cbc07474b
SHA256 eaec709a98b57cd9c054a205f9bfa76c7424db2845c077822804f31e16ac134c
SHA512 ae2724fc45a8d9d26e43d86bcc7e20f398d8ab4e251e89550087ace1311c4d2571392f2f0bed78da211fcb28766779c1853b80742faa69f722b2c44c283569fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileI5vBcZ\compatibility.ini

MD5 6c8d43a3ef819ecd4193f72557eb9a7b
SHA1 cdc53d877d98a2b56e8967eb8965fab0a0c0674a
SHA256 3b3d6c1e079d4a24ffa7270c4052070e1b5cdf225a059eacac1cbecd41069b86
SHA512 7b9da2c57e892a62f99a50e0ad5dbe60da05fa558ae4823945640c77e7f8396a34298d3481580a731a4d6809cd14d7f9dcd33e59d3b629652439c5b3483c46bc

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileI5vBcZ\WebDriverBiDiServer.json

MD5 c0818a5b4f43bdd39f98d4e0d8ec645a
SHA1 83658639eba39248f968967571551ffdb70dfb46
SHA256 8d77366e880ba6bab3f61979f0e932245f0f04f09fadaf07b3565c96ad511f8b
SHA512 0446864e37949cf1480d06b71fffeaa3cab62c0daf6a640034d10f9a5a6a8b32cd19e5afbbbc984bc0a9a258c543ea9ffc28a94865c60f52786eadb53b684e94

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileI5vBcZ\datareporting\glean\db\data.safe.tmp

MD5 63b1bb87284efe954e1c3ae390e7ee44
SHA1 75b297779e1e2a8009276dd8df4507eb57e4e179
SHA256 b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a
SHA512 f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-09 01:55

Reported

2024-05-09 02:08

Platform

win10-20240404-en

Max time kernel

294s

Max time network

310s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1708 wrote to memory of 320 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 1708 wrote to memory of 320 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 320 wrote to memory of 4196 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 320 wrote to memory of 4196 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 320 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 320 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 4196 wrote to memory of 2116 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 4196 wrote to memory of 2116 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 320 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\geckodriver.exe
PID 320 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\geckodriver.exe
PID 1984 wrote to memory of 1716 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe
PID 1984 wrote to memory of 1716 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe
PID 1716 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe
PID 1716 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe
PID 1716 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe
PID 1716 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe
PID 1716 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe
PID 1716 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe
PID 1716 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe
PID 1716 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe
PID 1716 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe
PID 1716 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe
PID 1716 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe
PID 5032 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe
PID 5032 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe
PID 5032 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe
PID 5032 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe
PID 5032 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe
PID 5032 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe
PID 5032 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe
PID 5032 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe
PID 5032 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe
PID 5032 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe
PID 5032 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe
PID 5032 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe
PID 5032 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe
PID 5032 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe
PID 5032 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe
PID 5032 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe
PID 5032 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe
PID 5032 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe
PID 5032 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe
PID 5032 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe
PID 5032 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe
PID 5032 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe
PID 5032 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe
PID 5032 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe
PID 5032 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe
PID 5032 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe
PID 5032 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe
PID 5032 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe
PID 5032 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe
PID 5032 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe
PID 5032 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe
PID 5032 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe
PID 5032 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe
PID 5032 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe
PID 5032 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe
PID 5032 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe
PID 5032 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe
PID 5032 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe
PID 5032 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe
PID 5032 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe
PID 5032 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI17082\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI17082\geckodriver.exe --port 50043 --websocket-port 50044

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50044 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile0AaD7n

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50044 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile0AaD7n

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe" -contentproc --channel="5032.0.2057580657\1852959406" -parentBuildID 20240416150000 -prefsHandle 1464 -prefMapHandle 1440 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\browser" - {aa2072df-de4f-44d9-8cc5-71c2f5de7968} 5032 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe" -contentproc --channel="5032.1.378397695\1714239386" -childID 1 -isForBrowser -prefsHandle 2456 -prefMapHandle 2088 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1164 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\browser" - {5795c871-75c8-45ad-a6c4-1738f6f88b3d} 5032 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe" -contentproc --channel="5032.2.365957493\1420298449" -childID 2 -isForBrowser -prefsHandle 2896 -prefMapHandle 2892 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1164 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\browser" - {10298abd-385a-4ecf-b514-2b7f5c05fb15} 5032 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe" -contentproc --channel="5032.3.1477052873\757923165" -childID 3 -isForBrowser -prefsHandle 3132 -prefMapHandle 3152 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1164 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\browser" - {767803ba-2853-478e-b6c5-5a80a18f795b} 5032 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe" -contentproc --channel="5032.4.1510774815\670314125" -childID 4 -isForBrowser -prefsHandle 3676 -prefMapHandle 3672 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1164 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\browser" - {f4ed3bad-4d48-43bf-96c7-87f99d38cce3} 5032 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe" -contentproc --channel="5032.5.622545748\1312211987" -childID 5 -isForBrowser -prefsHandle 3876 -prefMapHandle 3872 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1164 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\browser" - {6cb0b2a8-22bf-4142-9473-7941cece4cc4} 5032 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe" -contentproc --channel="5032.6.163917944\455132045" -childID 6 -isForBrowser -prefsHandle 3980 -prefMapHandle 3984 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1164 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\browser" - {6350707e-33ef-4c1b-8f41-6456b568878d} 5032 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe" -contentproc --channel="5032.7.461850065\901927705" -childID 7 -isForBrowser -prefsHandle 4404 -prefMapHandle 4408 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 1164 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\browser" - {f849c80c-af35-4067-9b2b-dcaa8325c229} 5032 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe" -contentproc --channel="5032.8.557181338\223247277" -parentBuildID 20240416150000 -prefsHandle 8200 -prefMapHandle 4588 -prefsLen 27720 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\browser" - {f8366d58-4c2f-4a94-b158-6185fa797a9e} 5032 rdd

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe" -contentproc --channel="5032.9.727714887\519628673" -parentBuildID 20240416150000 -sandboxingKind 1 -prefsHandle 8212 -prefMapHandle 8252 -prefsLen 27720 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\browser" - {1c0fc630-1bf2-4183-8f82-6d5a8625c17b} 5032 utility

C:\Users\Admin\AppData\Local\Temp\_MEI17082\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI17082\geckodriver.exe --port 50043 --websocket-port 50044

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50044 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9HHGUf

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50044 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9HHGUf

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe" -contentproc --channel="3272.0.2077049776\364488583" -parentBuildID 20240416150000 -prefsHandle 1488 -prefMapHandle 1464 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\browser" - {d0b92b1d-92c0-4c3d-aece-61d7da2a144c} 3272 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe" -contentproc --channel="3272.1.845684648\387437311" -childID 1 -isForBrowser -prefsHandle 2452 -prefMapHandle 2448 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1176 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\browser" - {6349c65e-0495-48ab-8b2f-b487041c24c8} 3272 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe" -contentproc --channel="3272.2.1231327976\719958080" -childID 2 -isForBrowser -prefsHandle 2948 -prefMapHandle 2944 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1176 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\browser" - {54a53003-eb60-4908-8930-3ccdde9ae046} 3272 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe" -contentproc --channel="3272.3.724016226\667454344" -childID 3 -isForBrowser -prefsHandle 3304 -prefMapHandle 2952 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1176 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\browser" - {d7154e73-32af-4664-b8e2-09cc87680119} 3272 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe" -contentproc --channel="3272.4.282083671\1434000773" -childID 4 -isForBrowser -prefsHandle 3504 -prefMapHandle 3508 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1176 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\browser" - {9b935c2d-18ba-4895-98ab-1d0a8394a3fd} 3272 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe" -contentproc --channel="3272.5.764313815\1551738794" -childID 5 -isForBrowser -prefsHandle 1280 -prefMapHandle 3336 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1176 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\browser" - {96bcd25e-4079-4422-8088-ecb6e9eb2da6} 3272 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe" -contentproc --channel="3272.6.1060839034\1952410653" -childID 6 -isForBrowser -prefsHandle 3916 -prefMapHandle 3920 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1176 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\browser" - {ee63aa15-6746-4a62-9e47-277e07c54643} 3272 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe" -contentproc --channel="3272.7.319269516\213460089" -childID 7 -isForBrowser -prefsHandle 4236 -prefMapHandle 4388 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1176 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\browser" - {d3e7e1c8-3ace-485d-a9d1-d73833021afc} 3272 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17082\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI17082\geckodriver.exe --port 50043 --websocket-port 50044

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50044 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJSppOR

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50044 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJSppOR

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1716.0.1721467424\476240848" -parentBuildID 20240416150000 -prefsHandle 1468 -prefMapHandle 1456 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\browser" - {e349f096-1f82-48bb-826c-065f628e01b4} 1716 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1716.1.1365802990\285544814" -childID 1 -isForBrowser -prefsHandle 2132 -prefMapHandle 2020 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\browser" - {0d8fb655-a959-4fd1-9d75-ae17e40f036f} 1716 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1716.2.377054484\1930656" -childID 2 -isForBrowser -prefsHandle 2920 -prefMapHandle 2916 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\browser" - {09ca08e1-c0a3-4286-8eb5-d05808771a5f} 1716 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1716.3.467521129\1895798339" -childID 3 -isForBrowser -prefsHandle 3368 -prefMapHandle 3372 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\browser" - {6dfc04e2-9a48-47b5-90f5-95d1b4d713fe} 1716 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1716.4.1837361081\10833801" -childID 4 -isForBrowser -prefsHandle 3692 -prefMapHandle 3768 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\browser" - {86b545c1-8e8a-41d7-8df7-19dcedc4011d} 1716 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1716.5.1810995326\1488722063" -childID 5 -isForBrowser -prefsHandle 3924 -prefMapHandle 3928 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\browser" - {1a2e56ed-60c5-439d-b342-1a868c70adad} 1716 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe" -contentproc --channel="1716.6.1562745820\1691957378" -childID 6 -isForBrowser -prefsHandle 4092 -prefMapHandle 3908 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\browser" - {a713caf1-062a-4ba2-8ad1-b2c57ccb386f} 1716 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17082\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI17082\geckodriver.exe --port 50043 --websocket-port 50044

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50044 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilesVxA6i

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50044 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilesVxA6i

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2752.0.152830990\2040782000" -parentBuildID 20240416150000 -prefsHandle 1480 -prefMapHandle 1472 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\browser" - {413d3e79-0be3-45ff-acf1-64f9e98e0f43} 2752 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2752.1.1985062955\1490842379" -childID 1 -isForBrowser -prefsHandle 2500 -prefMapHandle 2496 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1156 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\browser" - {26aa352e-4227-4ba6-9eeb-8f10f4e6d94f} 2752 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2752.2.1424508564\1589822837" -childID 2 -isForBrowser -prefsHandle 2944 -prefMapHandle 2940 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1156 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\browser" - {4d0dd38b-1698-41b2-b858-32d506697378} 2752 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2752.3.396576583\729132034" -childID 3 -isForBrowser -prefsHandle 2960 -prefMapHandle 3080 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1156 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\browser" - {22b2d656-3cae-4b48-a07c-11285b8ae342} 2752 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2752.4.970229296\758216801" -childID 4 -isForBrowser -prefsHandle 3292 -prefMapHandle 3344 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1156 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\browser" - {b5fac00c-5aa1-4225-b1a0-aefb66e5fae2} 2752 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2752.5.1607414712\1192149752" -childID 5 -isForBrowser -prefsHandle 3764 -prefMapHandle 3256 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1156 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\browser" - {54121198-f5fd-4c74-902d-55461795ff7c} 2752 tab

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe" -contentproc --channel="2752.6.121177391\2042030871" -childID 6 -isForBrowser -prefsHandle 3932 -prefMapHandle 3936 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1156 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\browser" - {887a26a1-07e1-4ac4-a0ef-69474e01be6e} 2752 tab

Network

Country Destination Domain Proto
NL 185.80.222.164:443 tcp
US 8.8.8.8:53 164.222.80.185.in-addr.arpa udp
US 23.142.248.63:666 tcp
FR 62.210.205.228:443 tcp
US 8.8.8.8:53 228.205.210.62.in-addr.arpa udp
US 8.8.8.8:53 63.248.142.23.in-addr.arpa udp
US 52.111.227.13:443 tcp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
N/A 127.0.0.1:50138 tcp
N/A 127.0.0.1:50140 tcp
N/A 127.0.0.1:50043 tcp
N/A 127.0.0.1:50043 tcp
N/A 127.0.0.1:50241 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50249 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
NL 190.2.154.253:9001 tcp
N/A 127.0.0.1:9151 tcp
US 8.8.8.8:53 udp
N/A 127.0.0.1:9151 tcp
FR 178.32.136.221:9001 tcp
US 8.8.8.8:53 udp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
US 8.8.8.8:53 udp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
US 8.8.8.8:53 131.72.42.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:50043 tcp
N/A 127.0.0.1:50043 tcp
N/A 127.0.0.1:50043 tcp
N/A 127.0.0.1:50739 tcp
N/A 127.0.0.1:50747 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:50043 tcp
N/A 127.0.0.1:50043 tcp
N/A 127.0.0.1:50043 tcp
N/A 127.0.0.1:51057 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:51065 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50043 tcp
N/A 127.0.0.1:50043 tcp
N/A 127.0.0.1:50043 tcp
N/A 127.0.0.1:51336 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:51344 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI17082\python38.dll

MD5 26ba25d468a778d37f1a24f4514d9814
SHA1 b64fe169690557656ede3ae50d3c5a197fea6013
SHA256 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128
SHA512 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

C:\Users\Admin\AppData\Local\Temp\_MEI17082\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\_MEI17082\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

\Users\Admin\AppData\Local\Temp\_MEI17082\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

C:\Users\Admin\AppData\Local\Temp\_MEI17082\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

\Users\Admin\AppData\Local\Temp\_MEI17082\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

\Users\Admin\AppData\Local\Temp\_MEI17082\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

C:\Users\Admin\AppData\Local\Temp\_MEI17082\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

C:\Users\Admin\AppData\Local\Temp\_MEI17082\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

C:\Users\Admin\AppData\Local\Temp\_MEI17082\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

C:\Users\Admin\AppData\Local\Temp\_MEI17082\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

C:\Users\Admin\AppData\Local\Temp\_MEI17082\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

C:\Users\Admin\AppData\Local\Temp\_MEI17082\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI17082\top-1m.csv

MD5 7cf43e1f8f6fe3ea55d9c6e691499b17
SHA1 a2c3a46330aa9303f28a10f636a334481135b812
SHA256 c6207f7e5e4a59f72aff40f167c03f9fbd1d3d0a1dad1429258751a38ac571e6
SHA512 4d789f6f602e2d1d54d365e3b1f7b298fba5b092689c0059d9b2260452d2b824c0b96e25b09bef63f7a86c08a632a3498fa74b63f71c8ec2904e2430ac37c34d

C:\Users\Admin\AppData\Local\Temp\_MEI17082\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

C:\Users\Admin\AppData\Local\Temp\_MEI17082\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI17082\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI17082\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI17082\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI17082\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

C:\Users\Admin\AppData\Local\Temp\_MEI17082\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI17082\geckodriver.exe

MD5 f60c542253cbe94f762e15c7b064b55d
SHA1 7a32f034217266db6d799893edc976e891a82944
SHA256 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa
SHA512 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 609ed4a7738d4fa849ca0dcc8b7dcee9
SHA1 4d64964c371c9f7e244c321a9530b55010625e8b
SHA256 6cb41969da3319d6e6be5d03240a9590d759ca0c0ca3a0eb884619b9da3eed39
SHA512 6b4685b0c67d7c7aabebd31fc4700573654911e6d92035aa0606d859dde5f45c20d3ec5508376f59ed338dd710c57a9841937969ad8b1744a251abc6ec655f23

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 e4ed8f5ccef4b2d8f85e96e382a8a0fd
SHA1 a916aefb67104d555eca01a7ee88964eb1aa2a7c
SHA256 b60719dab2c1f3d172fb9e8b5970d0fa5bff367672b0c2fe1cc862a94b8ea9f2
SHA512 0573e828f4e2bb5e3e60cb9157011dbbb36520febe377d75fd822543d8ecb0cd553fb2592e821a699ef160e2a5a33a4aea93d48e1798fc6c8e14e5e1c95c4de8

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\tmpojvs_5x9\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI17082\Tor Browser\Browser\firefox.exe

MD5 65aa9b0f57d72e4d70e9226322221adc
SHA1 85fec174d0977afd8c0100c9d9b53c958e1949bf
SHA256 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410
SHA512 f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile0AaD7n\extensions.json

MD5 d1590fd7b90ff43817004b0120f32f85
SHA1 773a667777bf9017b01b90b56822bdc09565007a
SHA256 b6b455713dbb08bc4b9559133ea738c815f5ab685c9b7181375222ba74cbe528
SHA512 aafb91a54075b371b1054c692448684d8d41ffacb17c0a2b8f6c12d31f77839b425a1259a21c909adfb7c89c47139a45636afaa50d2026d5867bb00c2b6d92fc

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile0AaD7n\prefs.js

MD5 2bc2d8e048a8203dced21bacb004878c
SHA1 33b4b479a9477a45fe88b0be8acde7b7cf2f516e
SHA256 d091cd684bbd5e29ef20fba81bd1613640aab0d76d4539879b04c2dbcfe23d9e
SHA512 418eb4557f46debfb55ce1d297290139c263681c46615cfae0fee7e2c115651ed019bc491fd965b1be00271c37346cce2c5642a55cd5fe8693918701ef12e72f

memory/5032-550-0x000001E110AC0000-0x000001E110AD0000-memory.dmp

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 3d067c09ce7fd1fe45ede87f6eba7321
SHA1 889b6d39727aa35df1cb78c17587392b154f6932
SHA256 bb1508fb0194ef9c66df294b2a30ddd7586720efaf0c09eecfdd623b9f7239a9
SHA512 e98c7e9ceca17c24053472a71325ed79309898ed20019320494b802a9e2fff7762f4153f2f57cf0de6f8fc78692ff892be6575afbf4092d0fcc8b773d709ed22

memory/5032-598-0x000001E104AE0000-0x000001E104C50000-memory.dmp

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 418c2238463c2469a9767555d6a9a7e0
SHA1 98313269df32959fe269231a1a8af838e69871d6
SHA256 67b13564f9e718ce157b6c96f3b9bfe7e653933291befce18ff0050193a29155
SHA512 9691dc219b8a66c91cb24a3e4c5c0c52cadad631d22784857e140b661cbfd0297faa01cc618ad78efc28bafbc10a6bb2ef8a56fdf6e5f6a6930282a06194c101

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile0AaD7n\prefs.js

MD5 68516cb1175781f2678e03646a1471f3
SHA1 6425ae8c93744e840201c97aa3aecf9072d07f71
SHA256 1c5bca05c08f0264aeea03635371ac728ddf13d21c9ad2796361a51dec004879
SHA512 4dcd8d86daaba0fcc9c969d14b7f72155f6d66771e057b4b3d0373f5c86a29a174d5651d1a4a0503d8c89d1b5f1266684328f0c5900f08cf9307c89be3d6bc85

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile0AaD7n\prefs-1.js

MD5 96572ba21460a72d7f2fdc5b5f3d5755
SHA1 c012258bca977e9bcca28a8241deb3a74cf55c23
SHA256 e1bbf1484a483c1d6e1acf87d8b663aac43acd72187d3c21a73972ffd95c8d34
SHA512 8ce8b96225539515191f0a135d6274e93e2ec0e0d2a29b33ac376b26f9cf5dc679613c4dd7af5fb36dd910a1862511b9c15a5415afeaa51358a70cd14058408c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile0AaD7n\storage\private\uuid+++98da6cea-7589-4c85-8eb0-887615017698\idb\ddbb91fc-747a-4f18-b30d-1e709eaa9be1.sqlite

MD5 972cc6c0e5419c66e964e25d61f93c4c
SHA1 747f63ca08b7b67972841a4dcec934e3ac274ed6
SHA256 343d6de6430e882681f569c780a63909865b575a0d771167ea6c36f16b98a089
SHA512 70b88904acdf143c7a0f4c33ebaedc4d4f08336c9869b8d506b394e03ae0ec5d1a20bc2058987dd31e16b7732c26dc03df14b2d7bb24d185ebe6fef747b4bebe

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9HHGUf\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9HHGUf\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

memory/3272-922-0x0000026CD62A0000-0x0000026CD62B0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9HHGUf\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9HHGUf\startupCache\webext.sc.lz4

MD5 1b799cc5b6cf681cfa54d37c8ce8cb06
SHA1 2f0fae44eb2fe74542df923e37f0c7e23a74fd17
SHA256 ce654b3257aec215ee980682aa6a48628dac50252a09301efe8686ff3f406a03
SHA512 10263e878623c9375095f150a83e5fe42fb5feccea139e107d37b2337f0c68c4f8a47952247d7e8517876a12dcd696202b8ecdf115577c0e416a489a280451d3

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9HHGUf\prefs-1.js

MD5 d1e5e9a373cad7710e36dec068093c94
SHA1 22b54548906bd9319cbd094eae6f3709d41cc854
SHA256 10d1c6c0350655790abf5191ab94d10dbaeae4328c05191a0977bc6d24f57701
SHA512 bb022040187357ef9c461b3f8f0eec55145370e250b9469f356b8c0f255d78c4dd40a71150a590cbdbe0b31469b7c55dd8d0be02c059d4d9bfd146cbc3aee1ed

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9HHGUf\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9HHGUf\prefs-1.js

MD5 91fd0b46049162202b8948655a942691
SHA1 989d7342d0321d63f03e0788a5e8dd4311db39a7
SHA256 a9aea05dbd733c0991abe3bcafc9a3f8332734119ff74c0b50a950ab03e0ec23
SHA512 0965f0798cc45da2c623d6b47ad5729517eac53fd3b6fb3c7c7ee75e3e93a59bbe1a3a7cf84f7428a24e881ab2b365a300cbdc4a9b56fde331e3b35af9df7a2e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9HHGUf\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9HHGUf\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9HHGUf\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9HHGUf\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9HHGUf\prefs-1.js

MD5 9f831de16e4d3c6470521818222e02a0
SHA1 eff972f6718e407f5cb679eae84dd0486eff6156
SHA256 d2b01f62a2439e126f4fdea21aff882698f532501d8a8137d4926e66e5b8dc7c
SHA512 a089b3cace3ae5fe492877006ab7558ca94f60879b235ce7534ff20484cead46ab2ed8f487077c794e7c3e9ccaf2eb072115bebde25629a92d6cc179650189f9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJSppOR\user.js

MD5 736db8c9b955f72129a6644a9c797093
SHA1 59f1c80c407e27ffe85407a82f7b7250c5ee3753
SHA256 668694ca0485bfb77e7049bad327ba3f83534f31c1d50744f227c996eab4097f
SHA512 9916d339304272357ff56976bfcb9fd2d607ccbaa33dc40b88618c9ae31833923d3f2e8288cfc1f0090da90803b5e07404c41182155db2d2345df6f63020f217

memory/1716-1193-0x000002C7D23E0000-0x000002C7D23F0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJSppOR\datareporting\glean\db\data.safe.tmp

MD5 1c3c58f7838dde7f753614d170f110fc
SHA1 c17e5a486cecaddd6ced7217d298306850a87f48
SHA256 81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d
SHA512 9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJSppOR\prefs.js

MD5 617ff874cd665dfdc03af6cd0b0eb70f
SHA1 a598c69a8ac0131bf239f4b5c89cd6612aa5da93
SHA256 558fe3cdae0c859b140e9d09dc92a5b1e38eb770eebb992b622215211fbcd8f8
SHA512 8462ec14b26b863492fa863e85acafa46651d046c4c647468b35be6a1bf448edfdfea222d55cbe1e6db3a8854333cbd5269dd7dfe75e17ce48e669236d9872ff

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJSppOR\sessionCheckpoints.json.tmp

MD5 29ce37dc02c78bbe2e5284d350fae004
SHA1 bab97d5908ea6592aef6b46cee1ded6f34693fa2
SHA256 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693
SHA512 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJSppOR\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

memory/2752-1462-0x000001E5FA180000-0x000001E5FA190000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilesVxA6i\datareporting\glean\db\data.safe.tmp

MD5 c58234a092f9d899f0a623e28a4ab9db
SHA1 7398261b70453661c8b84df12e2bde7cbc07474b
SHA256 eaec709a98b57cd9c054a205f9bfa76c7424db2845c077822804f31e16ac134c
SHA512 ae2724fc45a8d9d26e43d86bcc7e20f398d8ab4e251e89550087ace1311c4d2571392f2f0bed78da211fcb28766779c1853b80742faa69f722b2c44c283569fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilesVxA6i\prefs.js

MD5 f0efe626787ea53e0a5df77b53d93c96
SHA1 99bc5330b886331a751bd2ab09ed0a5c4d4762db
SHA256 c416819145b480a0dc8c09d426678f93f0f5c692854316a55e00a0c6c652053f
SHA512 cbd62fc61f4cee42848999c8aa582372cac7833bea09efd5c214503bdd4ae38398efa3c6289e64cd98f4460707436942df6b2a11ddf415a6fb49c26d9bb87e40

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-09 01:55

Reported

2024-05-09 02:08

Platform

win10v2004-20240508-en

Max time kernel

301s

Max time network

311s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Renames multiple (66) files with added filename extension

ransomware

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3024 wrote to memory of 4060 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 3024 wrote to memory of 4060 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 4060 wrote to memory of 1376 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 4060 wrote to memory of 1376 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 4060 wrote to memory of 3896 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 4060 wrote to memory of 3896 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 1376 wrote to memory of 444 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 1376 wrote to memory of 444 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 4060 wrote to memory of 4948 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\geckodriver.exe
PID 4060 wrote to memory of 4948 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\geckodriver.exe
PID 4948 wrote to memory of 2248 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe
PID 4948 wrote to memory of 2248 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe
PID 2248 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe
PID 2248 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe
PID 2248 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe
PID 2248 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe
PID 2248 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe
PID 2248 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe
PID 2248 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe
PID 2248 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe
PID 2248 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe
PID 2248 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe
PID 2248 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe
PID 3364 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe
PID 3364 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe
PID 3364 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe
PID 3364 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe
PID 3364 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe
PID 3364 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe
PID 3364 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe
PID 3364 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe
PID 3364 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe
PID 3364 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe
PID 3364 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe
PID 3364 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe
PID 3364 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe
PID 3364 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe
PID 3364 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe
PID 3364 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe
PID 3364 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe
PID 3364 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe
PID 3364 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe
PID 3364 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe
PID 3364 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe
PID 3364 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe
PID 3364 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe
PID 3364 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe
PID 3364 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe
PID 3364 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe
PID 3364 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe
PID 3364 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe
PID 3364 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe
PID 3364 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe
PID 3364 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe
PID 3364 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe
PID 3364 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe
PID 3364 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe
PID 3364 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe
PID 3364 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe
PID 3364 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe
PID 3364 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe
PID 3364 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe
PID 3364 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe
PID 3364 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI30242\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI30242\geckodriver.exe --port 58699 --websocket-port 58700

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 58700 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileeKt200

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 58700 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileeKt200

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="3364.0.53566808\1750940706" -parentBuildID 20240416150000 -prefsHandle 1660 -prefMapHandle 1624 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {720f5e88-e88f-4d24-8211-dacdf0c002dd} 3364 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="3364.1.1720996039\1529576545" -childID 1 -isForBrowser -prefsHandle 2660 -prefMapHandle 2656 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {006d8386-6fc6-4b45-b26b-e91994591c15} 3364 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="3364.2.864207549\1304838896" -childID 2 -isForBrowser -prefsHandle 3196 -prefMapHandle 3192 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {4a6b8b2d-5de2-438b-9330-7e3c974b27f4} 3364 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="3364.3.2107793186\1671938806" -childID 3 -isForBrowser -prefsHandle 3672 -prefMapHandle 3668 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {9f13c624-643b-4579-a4ba-24aedd0cabc7} 3364 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="3364.4.2010562757\1412816417" -childID 4 -isForBrowser -prefsHandle 3660 -prefMapHandle 3308 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {74f72ccb-80e6-4627-9a0b-84d709695e1d} 3364 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="3364.5.269929128\2095041139" -childID 5 -isForBrowser -prefsHandle 3208 -prefMapHandle 3224 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {49d6890f-256f-41ff-8501-972dce6a816d} 3364 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="3364.6.1916343415\1524401528" -childID 6 -isForBrowser -prefsHandle 4152 -prefMapHandle 4156 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {712d001f-0640-438e-a351-e6bed7e18210} 3364 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="3364.7.738731677\1273710086" -childID 7 -isForBrowser -prefsHandle 4780 -prefMapHandle 4620 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {5f1fcd99-747b-4eac-b32b-c0f9eb9a8d8d} 3364 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI30242\geckodriver.exe --port 58699 --websocket-port 58700

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 58700 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5Vw4jq

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 58700 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5Vw4jq

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2204.0.1078104972\434127044" -parentBuildID 20240416150000 -prefsHandle 1728 -prefMapHandle 1720 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {74542fbf-12c3-4972-8deb-ac26ee699022} 2204 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2204.1.1420635680\1773162836" -childID 1 -isForBrowser -prefsHandle 2972 -prefMapHandle 2968 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1244 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {f89c014a-2c1d-49c3-a197-b41c6aa12b58} 2204 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2204.2.580614553\920249910" -childID 2 -isForBrowser -prefsHandle 3156 -prefMapHandle 3160 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1244 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {14a7fc76-58b1-42cd-a7e3-b5abc5d373d2} 2204 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2204.3.644934098\1902052814" -childID 3 -isForBrowser -prefsHandle 3448 -prefMapHandle 3452 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1244 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {105b7cfc-7dfa-426c-9f23-72b51257a310} 2204 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2204.4.817831602\1019391191" -childID 4 -isForBrowser -prefsHandle 3504 -prefMapHandle 3360 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1244 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {f9f7c8e7-2143-44d7-bd57-bb5c4d71d04a} 2204 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2204.5.652854398\801570114" -childID 5 -isForBrowser -prefsHandle 3796 -prefMapHandle 3800 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1244 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {775132c8-6c2e-4b83-8de5-186811430ce9} 2204 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2204.6.495270509\234460212" -childID 6 -isForBrowser -prefsHandle 4020 -prefMapHandle 4024 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1244 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {334fd9ef-cbb0-400f-a7a8-461a26eaf532} 2204 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2204.7.1582533876\254303846" -childID 7 -isForBrowser -prefsHandle 4644 -prefMapHandle 4636 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1244 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {8d010d83-db75-44dd-ba7b-65aac5dc5562} 2204 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI30242\geckodriver.exe --port 58699 --websocket-port 58700

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 58700 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileeFdH36

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 58700 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileeFdH36

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="3040.0.901926089\2146253985" -parentBuildID 20240416150000 -prefsHandle 1680 -prefMapHandle 1660 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {a072cce2-bf53-450c-adf1-9bb2a457149a} 3040 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="3040.1.2085204194\1350164056" -childID 1 -isForBrowser -prefsHandle 2436 -prefMapHandle 2452 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {d024b817-f137-48b8-91ec-cb2255c92d63} 3040 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="3040.2.362645091\187075814" -childID 2 -isForBrowser -prefsHandle 3156 -prefMapHandle 3152 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {f4ec6422-78d4-47b5-b32e-b933e9f71973} 3040 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="3040.3.1949323791\413282221" -childID 3 -isForBrowser -prefsHandle 3172 -prefMapHandle 3188 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {39e5f729-c9b0-4778-910d-d4556ee8ac56} 3040 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="3040.4.986616761\2021156134" -childID 4 -isForBrowser -prefsHandle 3912 -prefMapHandle 3416 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {5f613bbe-84d9-46cd-af8e-11588a78a579} 3040 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="3040.5.1753150389\1145234278" -childID 5 -isForBrowser -prefsHandle 4300 -prefMapHandle 4296 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {85ba9cd2-4b99-46fb-8192-45efff901e43} 3040 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="3040.6.395291577\1895200106" -childID 6 -isForBrowser -prefsHandle 4440 -prefMapHandle 4436 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {00e9f7f7-1926-428d-9244-f59a32a10a65} 3040 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="3040.7.388392864\911873652" -childID 7 -isForBrowser -prefsHandle 4652 -prefMapHandle 4648 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {89b877f7-6585-4d16-8762-91ea83b4ca16} 3040 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="3040.8.1687346403\1540117732" -childID 8 -isForBrowser -prefsHandle 4404 -prefMapHandle 4596 -prefsLen 25287 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {b33fa06e-53d0-4807-ab79-937805e8613c} 3040 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI30242\geckodriver.exe --port 58699 --websocket-port 58700

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 58700 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYdxlbD

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 58700 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYdxlbD

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="4112.0.1707537445\495359671" -parentBuildID 20240416150000 -prefsHandle 1660 -prefMapHandle 1652 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {096c9b68-3e6d-49a1-b548-067e0041273e} 4112 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="4112.1.1823533648\1766559393" -childID 1 -isForBrowser -prefsHandle 2752 -prefMapHandle 2768 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1240 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {2a882d26-9002-417c-aba6-17055f24fa0f} 4112 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="4112.2.415595747\901418283" -childID 2 -isForBrowser -prefsHandle 3216 -prefMapHandle 3212 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1240 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {d16867c6-fc5a-4d9c-bff9-3a8942aa1359} 4112 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="4112.3.2027315348\1255415685" -childID 3 -isForBrowser -prefsHandle 3228 -prefMapHandle 3384 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1240 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {0c2ac882-3833-41bd-b8ef-a604cc9795b7} 4112 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="4112.4.1615603059\448604788" -childID 4 -isForBrowser -prefsHandle 3828 -prefMapHandle 3824 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1240 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {b8466689-7f99-4f1d-8aef-1af9dc6b37e6} 4112 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="4112.5.1199769708\358325997" -childID 5 -isForBrowser -prefsHandle 3860 -prefMapHandle 3984 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1240 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {04588799-b892-4bdf-ab3f-a435c4be9a83} 4112 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="4112.6.1371328590\1004779127" -childID 6 -isForBrowser -prefsHandle 4168 -prefMapHandle 4172 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1240 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {5c74f377-fbf1-45aa-b51c-0f4b6e7954a8} 4112 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI30242\geckodriver.exe --port 58699 --websocket-port 58700

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 58700 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileo2K4Yk

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 58700 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileo2K4Yk

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="4208.0.556933306\1302192413" -parentBuildID 20240416150000 -prefsHandle 1684 -prefMapHandle 1676 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {5d4edf31-bb87-46d0-98e9-96ae3324089d} 4208 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="4208.1.1947756072\1511200083" -childID 1 -isForBrowser -prefsHandle 2604 -prefMapHandle 2600 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {fa75350a-9fcc-4401-a48c-0236ac6f4663} 4208 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="4208.2.495962742\1373232165" -childID 2 -isForBrowser -prefsHandle 3172 -prefMapHandle 3168 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {4c7eb9f6-a1cd-441f-8ce7-de2ce9ea60c4} 4208 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="4208.3.1480652703\659869911" -childID 3 -isForBrowser -prefsHandle 3076 -prefMapHandle 3296 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {86b8a9b6-ce09-4351-854c-0bb004023acf} 4208 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="4208.4.4619603\724377554" -childID 4 -isForBrowser -prefsHandle 3964 -prefMapHandle 3960 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {6e076e96-c133-4193-a090-671b68928f36} 4208 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="4208.5.1420791824\2099128363" -childID 5 -isForBrowser -prefsHandle 4092 -prefMapHandle 3992 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {df398d13-2dea-44fa-be50-ea5ba56aa9d3} 4208 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="4208.6.2101173635\1114072255" -childID 6 -isForBrowser -prefsHandle 4132 -prefMapHandle 4136 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {2b7060c4-4b1d-4a3d-b733-82b7831c6bb7} 4208 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="4208.7.734224849\1238096828" -childID 7 -isForBrowser -prefsHandle 4404 -prefMapHandle 4608 -prefsLen 25367 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {eea0b975-8069-4ce0-9f57-3b68126d9ad5} 4208 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI30242\geckodriver.exe --port 58699 --websocket-port 58700

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 58700 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofiledCDDCD

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 58700 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofiledCDDCD

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="1796.0.451258607\984216235" -parentBuildID 20240416150000 -prefsHandle 1692 -prefMapHandle 1684 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {1d512f1d-bdfc-4d6e-a38e-1ca943480422} 1796 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="1796.1.859885106\309071391" -childID 1 -isForBrowser -prefsHandle 2660 -prefMapHandle 2656 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {dfe0c44e-967d-4c25-8b84-d9b1c512c6f7} 1796 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="1796.2.1148800872\1283315542" -childID 2 -isForBrowser -prefsHandle 3220 -prefMapHandle 3216 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {79e79cba-7e62-4918-a6ab-061ba37a4b8b} 1796 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="1796.3.755171950\39044594" -childID 3 -isForBrowser -prefsHandle 3424 -prefMapHandle 3420 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {8efd06c6-ee67-4434-9b3d-98d916ad08b1} 1796 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="1796.4.1577702014\305001080" -childID 4 -isForBrowser -prefsHandle 3624 -prefMapHandle 3620 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {d7bb6afc-290b-48e4-ad07-d8074847de1b} 1796 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="1796.5.1325751678\1762003876" -childID 5 -isForBrowser -prefsHandle 3776 -prefMapHandle 3780 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {262234d1-b4db-4c58-ae11-aadb9044cdfb} 1796 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="1796.6.120544151\2029435430" -childID 6 -isForBrowser -prefsHandle 3960 -prefMapHandle 3964 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {2b6c5431-c2af-42fe-a053-56d9841987e8} 1796 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI30242\geckodriver.exe --port 58699 --websocket-port 58700

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 58700 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile62QW2R

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 58700 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile62QW2R

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="1880.0.2009119910\753493279" -parentBuildID 20240416150000 -prefsHandle 1676 -prefMapHandle 1668 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {4fa5687b-6be1-4a21-b269-dd9c261dab0d} 1880 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="1880.1.1080459181\2055294689" -childID 1 -isForBrowser -prefsHandle 2652 -prefMapHandle 2648 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {ec27f732-4b58-4dfc-a480-e572d1e4f203} 1880 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="1880.2.1246092162\1701535896" -childID 2 -isForBrowser -prefsHandle 3180 -prefMapHandle 3176 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {5aba44d2-b6a1-4d92-b282-4691978dc6ff} 1880 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="1880.3.1363321324\1307007082" -childID 3 -isForBrowser -prefsHandle 3540 -prefMapHandle 3212 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {2e299620-47f4-41f4-859b-7bb8531fbf7b} 1880 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="1880.4.1844451358\1911641052" -childID 4 -isForBrowser -prefsHandle 3796 -prefMapHandle 3800 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {0e2e878a-22d4-4205-88a0-738dd8ea1545} 1880 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="1880.5.705172253\166169842" -childID 5 -isForBrowser -prefsHandle 3888 -prefMapHandle 3884 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {a2fec037-218f-4078-ad4e-f77de223e969} 1880 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="1880.6.172258537\1606341659" -childID 6 -isForBrowser -prefsHandle 4064 -prefMapHandle 4060 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {6dac71bf-81fb-4a91-92f1-989c6b541e64} 1880 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="1880.7.10093780\1998030327" -childID 7 -isForBrowser -prefsHandle 3696 -prefMapHandle 4688 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {299cf300-8572-4f83-b235-9d8d8f7dbb01} 1880 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI30242\geckodriver.exe --port 58699 --websocket-port 58700

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 58700 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJ4lqzq

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 58700 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJ4lqzq

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="5052.0.418705125\1110319745" -parentBuildID 20240416150000 -prefsHandle 1664 -prefMapHandle 1656 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {80408208-4ec3-4507-b8ad-6903430bfcde} 5052 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="5052.1.422536312\1506643226" -childID 1 -isForBrowser -prefsHandle 2668 -prefMapHandle 2664 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {14410a18-6a3e-4b8f-bc91-094f752fccfd} 5052 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="5052.2.1843148085\287278708" -childID 2 -isForBrowser -prefsHandle 3216 -prefMapHandle 3212 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {4308e011-bd9b-41c0-99af-ce1c1fc70266} 5052 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="5052.3.2091307326\250666187" -childID 3 -isForBrowser -prefsHandle 3232 -prefMapHandle 3344 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {3eea61a9-e390-45a9-bedc-137a3b9e3cd6} 5052 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="5052.4.1080187048\2046346858" -childID 4 -isForBrowser -prefsHandle 3812 -prefMapHandle 3808 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {4ee799d8-1e66-4854-b34f-1b6eaf20729d} 5052 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="5052.5.1123636789\506797891" -childID 5 -isForBrowser -prefsHandle 3920 -prefMapHandle 3824 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {352af72e-680a-4ac8-ab0a-56724984fb8f} 5052 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="5052.6.861392412\1602866017" -childID 6 -isForBrowser -prefsHandle 3328 -prefMapHandle 4056 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {e2d80749-9b60-480f-8a8e-75f8a84fffc0} 5052 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI30242\geckodriver.exe --port 58699 --websocket-port 58700

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 58700 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile7iCRtn

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 58700 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile7iCRtn

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="372.0.1542284106\1165335331" -parentBuildID 20240416150000 -prefsHandle 1680 -prefMapHandle 1672 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {16c82152-aada-496e-be1a-14cb5a33ab98} 372 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="372.1.1308380638\858550898" -childID 1 -isForBrowser -prefsHandle 2852 -prefMapHandle 2848 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1248 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {b9a2badb-9c85-47fe-8a09-d4fe30eaf540} 372 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="372.2.57673977\1797098040" -childID 2 -isForBrowser -prefsHandle 3212 -prefMapHandle 3208 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1248 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {d6f289af-43b3-4753-842c-1612625d0a60} 372 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="372.3.441402725\389230654" -childID 3 -isForBrowser -prefsHandle 3300 -prefMapHandle 3304 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1248 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {5ee00b52-00c2-4874-9f91-b04cea0e0538} 372 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="372.4.832860791\1202804693" -childID 4 -isForBrowser -prefsHandle 3900 -prefMapHandle 3896 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1248 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {83f2d96a-b9a8-47e2-ae57-da599d522320} 372 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="372.5.567540603\1950127440" -childID 5 -isForBrowser -prefsHandle 4076 -prefMapHandle 4072 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1248 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {1915ec6b-5c3f-4fae-9708-fbce63dc530c} 372 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="372.6.117393679\2047734591" -childID 6 -isForBrowser -prefsHandle 4148 -prefMapHandle 4152 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1248 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {d7d347b2-314a-4250-8f94-d2c3a860417a} 372 tab

C:\Users\Admin\AppData\Local\Temp\_MEI30242\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI30242\geckodriver.exe --port 58699 --websocket-port 58700

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 58700 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3boXrW

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 58700 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3boXrW

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe" -contentproc --channel="212.0.816210576\886212022" -parentBuildID 20240416150000 -prefsHandle 1652 -prefMapHandle 1644 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\browser" - {82fa35e9-f753-42e3-8392-1b97e1a2a026} 212 gpu

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
BE 2.17.196.177:443 www.bing.com tcp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 177.196.17.2.in-addr.arpa udp
BE 2.17.196.177:443 www.bing.com tcp
NL 194.88.105.13:33914 tcp
US 8.8.8.8:53 13.105.88.194.in-addr.arpa udp
US 199.249.230.159:443 tcp
DE 65.21.115.34:404 tcp
DE 51.195.41.230:443 tcp
US 8.8.8.8:53 230.41.195.51.in-addr.arpa udp
US 8.8.8.8:53 34.115.21.65.in-addr.arpa udp
N/A 127.0.0.1:58802 tcp
N/A 127.0.0.1:58804 tcp
N/A 127.0.0.1:58699 tcp
N/A 127.0.0.1:58699 tcp
N/A 127.0.0.1:58908 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:58916 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:58699 tcp
N/A 127.0.0.1:58699 tcp
N/A 127.0.0.1:58699 tcp
N/A 127.0.0.1:59282 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:59290 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
N/A 127.0.0.1:58699 tcp
N/A 127.0.0.1:58699 tcp
N/A 127.0.0.1:58699 tcp
N/A 127.0.0.1:59624 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:59632 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:58699 tcp
N/A 127.0.0.1:58699 tcp
N/A 127.0.0.1:58699 tcp
N/A 127.0.0.1:59995 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:60003 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:58699 tcp
N/A 127.0.0.1:58699 tcp
N/A 127.0.0.1:58699 tcp
N/A 127.0.0.1:60273 tcp
US 8.8.8.8:53 213.80.50.20.in-addr.arpa udp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:60281 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
N/A 127.0.0.1:58699 tcp
N/A 127.0.0.1:58699 tcp
N/A 127.0.0.1:58699 tcp
N/A 127.0.0.1:60669 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:60677 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:58699 tcp
N/A 127.0.0.1:58699 tcp
N/A 127.0.0.1:58699 tcp
N/A 127.0.0.1:60942 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:60950 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:58699 tcp
N/A 127.0.0.1:58699 tcp
N/A 127.0.0.1:58699 tcp
N/A 127.0.0.1:61300 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:61308 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:58699 tcp
N/A 127.0.0.1:58699 tcp
N/A 127.0.0.1:58699 tcp
N/A 127.0.0.1:61598 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:61606 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:58699 tcp
N/A 127.0.0.1:58699 tcp
N/A 127.0.0.1:58699 tcp
N/A 127.0.0.1:61881 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:61889 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI30242\python38.dll

MD5 26ba25d468a778d37f1a24f4514d9814
SHA1 b64fe169690557656ede3ae50d3c5a197fea6013
SHA256 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128
SHA512 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

C:\Users\Admin\AppData\Local\Temp\_MEI30242\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\_MEI30242\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

C:\Users\Admin\AppData\Local\Temp\_MEI30242\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

C:\Users\Admin\AppData\Local\Temp\_MEI30242\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Local\Temp\_MEI30242\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

C:\Users\Admin\AppData\Local\Temp\_MEI30242\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

C:\Users\Admin\AppData\Local\Temp\_MEI30242\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI30242\geckodriver.exe

MD5 f60c542253cbe94f762e15c7b064b55d
SHA1 7a32f034217266db6d799893edc976e891a82944
SHA256 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa
SHA512 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca

C:\Users\Admin\AppData\Local\Temp\_MEI30242\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

C:\Users\Admin\AppData\Local\Temp\_MEI30242\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

C:\Users\Admin\AppData\Local\Temp\_MEI30242\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

C:\Users\Admin\AppData\Local\Temp\_MEI30242\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

C:\Users\Admin\AppData\Local\Temp\_MEI30242\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

C:\Users\Admin\AppData\Local\Temp\_MEI30242\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI30242\top-1m.csv

MD5 ba0857be5e9736dde1f5cc44edd5d21b
SHA1 b130759907909cc97bfe0d9a1fd65b8942c931aa
SHA256 7800cdef850c31931b2b520a42f858c4feb5ca86d6b3789e6173a02e909595ca
SHA512 08446902bc588e323b8fc551502ff869be6c2bb64f788d1bebfcc30a04c3e589b0616e84fc55de3d81d7b19b26e690024a442e6a27096808bc613bcecf3f6db4

C:\Users\Admin\AppData\Local\Temp\_MEI30242\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

C:\Users\Admin\AppData\Local\Temp\_MEI30242\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI30242\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI30242\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI30242\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI30242\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\tmp1jy3df3c\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 47539d0337e97e22a728afc2638d461f
SHA1 d97b37079543b33b9b605c787945f809aed66fd6
SHA256 262e52c5bbaa9bcd2dfcb4cf7da83a1efa95ebd0299f82031ad31a6ab19405a5
SHA512 3810ebe80173d41785a42459fc5c4a8a31e56294f2c03fe99416925a34d242b88023565057201c9b6dcbdb97c8396d8305a723c0e31bb5b560b031b299672d4a

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI30242\Tor Browser\Browser\firefox.exe

MD5 65aa9b0f57d72e4d70e9226322221adc
SHA1 85fec174d0977afd8c0100c9d9b53c958e1949bf
SHA256 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410
SHA512 f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 80e882ce8268212cf4db9fbe44f95336
SHA1 85abc152168a20d8db2c6501aa43a97ea72efc8c
SHA256 32c7fa19bdf922f35368bbda1fd91b30fae89f7e8615c8224901e4e3454ee937
SHA512 eb6fc2086c0c5b1e2207c675e49713961246559ade42f65f5e1d51e6139e503eacceaa57542664f7161dc320df0403d90bc85e499aa2d0f09c4a3d4236920cd5

memory/436-493-0x00007FFC370A0000-0x00007FFC370A1000-memory.dmp

memory/436-492-0x00007FFC35AB0000-0x00007FFC35AB1000-memory.dmp

memory/3028-522-0x0000028805F60000-0x0000028805F90000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileeKt200\extensions.json

MD5 39d904e327577601afaed645dde186e5
SHA1 e3659f8d2053d429b78ab1bcfb13d9c67001cea0
SHA256 303c6b9ddce98a68bd01b57f8751d16d74042aaa94c4b9bca3e5787f01888d88
SHA512 b23295c95451433716fb16c682a033b8b1c5d51d497d8e757fb2b4b288161d3577d4df0968f2d4349d8ae8fc5369c18d74b34b2a57d2c64a4114257cdde0a5d5

memory/3364-547-0x000001ADFDB50000-0x000001ADFDB60000-memory.dmp

memory/436-601-0x0000016EBB8C0000-0x0000016EBB8F0000-memory.dmp

memory/1988-605-0x000002AA60D80000-0x000002AA60DB0000-memory.dmp

memory/1328-604-0x00000200ADE50000-0x00000200ADE80000-memory.dmp

memory/876-603-0x000001CAE4DE0000-0x000001CAE4E10000-memory.dmp

memory/3836-602-0x0000017CC6A30000-0x0000017CC6A60000-memory.dmp

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 4198506f85a7f770e3157f4f900c5efd
SHA1 98a32a58cae53cc219470eb16423b12d95d7b633
SHA256 cd78499cc8cb283fac31f94f11411b0c6a052e33ccfce16617097610e060ce52
SHA512 68a1d109c236dcbeff964e846accfc8749fc4bb7efbc29ca2c1ffe79c330c1139a83f4107b076122c160001126187fd4705e0f1f637be7d719c19dd249ad7306

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileeKt200\prefs-1.js

MD5 e3d25d60ac10606b498554a2cba1cd9d
SHA1 417824f1193641e69f1b830892d40588f9d5124d
SHA256 5ff0bed322f41ff509420d6cc5c97d1e6437bafb7368a5231f3c03b794bc6dc2
SHA512 d406e8395bf560cdc63d112187fd60a7897f321c1f3cbe557d5a74b6cfb1a831c3d41142a8efccbbdab6702e439e746e4cf4ad2a19a1d0c8a19e23466ac49fc8

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileeKt200\prefs-1.js

MD5 c66d873ba4aa990b750bdaf666ab170d
SHA1 8b5b5489d1c70085969e55532f6ebf3a51dd3a94
SHA256 5aee4f7287785d199b760e117839437c85bad992db551591ebdec4618c070cff
SHA512 e0581539a88f311f86da81f14ef71b541d6d9e5f02a95bb29314862b23e0f04e7cdd80c0b31f0d87b27f5a42e830c3ee8fd7f79bab24de6b2d0ff47315445d70

memory/2664-683-0x000001C03E940000-0x000001C03E970000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5Vw4jq\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5Vw4jq\prefs-1.js

MD5 b2548d1429237db8bdeb7e1968e03d87
SHA1 ba42b61ac299e2d423004d91c9e3d4bc1ba75b31
SHA256 b8164adb8e6b5cfd40c54818f6a2eed130d07e46e733500007096c163d016520
SHA512 2f6370e234fe6324b03703f46c76c9b548e434c3c59b126d32832e47c31f2554c12dbb84a595c18c9d6a7dafbed08d5c43d7f1d641ed7eb738e2498d68e45ae8

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5Vw4jq\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5Vw4jq\datareporting\glean\db\data.safe.tmp

MD5 7d3d11283370585b060d50a12715851a
SHA1 3a05d9b7daa2d377d95e7a5f3e8e7a8f705938e3
SHA256 86bff840e1bec67b7c91f97f4d37e3a638c5fdc7b56aae210b01745f292347b9
SHA512 a185a956e7105ad5a903d5d0e780df9421cf7b84ef1f83f7e9f3ab81bf683b440f23e55df4bbd52d60e89af467b5fc949bf1faa7810c523b98c7c2361fde010e

memory/3940-867-0x000001DDAAA40000-0x000001DDAAA70000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5Vw4jq\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5Vw4jq\startupCache\webext.sc.lz4

MD5 25c87cf375ef91ff7e215496c9921228
SHA1 475e421ea29ad754add152ad18f28025239cca3a
SHA256 d74be1cb4cf3547df631f6846775301c7df54e78d1a8dd47c10a0cef14051a1a
SHA512 ef8a290335a21c2eb2149e4b55efa9ebec2a57ede2ceba9df8b214b4b3fd23953ae47794af590081b64f291be75f08cbadfdd5a8e1e9d75686d4cd5507cd3f72

memory/2204-954-0x00000173BB0B0000-0x00000173BB220000-memory.dmp

memory/2956-964-0x00000246CA400000-0x00000246CA430000-memory.dmp

memory/4528-966-0x0000018909120000-0x0000018909150000-memory.dmp

memory/1796-965-0x0000016FF9280000-0x0000016FF92B0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5Vw4jq\prefs-1.js

MD5 fb291b8212944f059279c4290b97aad2
SHA1 0c759db1fe16ebe9a23b47fd12c0986405b5792e
SHA256 775d3cc8567ddaed09886a834dd8a9f57c77ae0878467edb693dcf77b7993516
SHA512 fa1465d9d0c81b1ec9fece7d6e958893ff0af8c36fc5b75e2a4b5fb4e9b7e92ade4605145451e2fceb95e3878ab469a68a4c9a66a8972cc8fe890509e20f0fa8

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5Vw4jq\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5Vw4jq\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5Vw4jq\sessionCheckpoints.json.tmp

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5Vw4jq\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5Vw4jq\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5Vw4jq\prefs-1.js

MD5 22c065512f18fcb7f02333466e44d224
SHA1 338db6d0c72396d4f6fe0458030f9b875c84401b
SHA256 50c148579f6c6b5ac9c6475eb8b84a403804115d20daa000fe5a3ce72a7bbf0e
SHA512 c67d4cb02ec39779eabfb6e1e3c08dc9d0f5a5189bd9703970305695ece1d08872d0812044ed2ed1e5c89464a4fda1d841e508f6d2f1cc7ac3f54e4679c4a39a

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileeFdH36\user.js

MD5 1002aecdedf87a8a632d0dcb3ab69df5
SHA1 08db3bce037f64b94f17a23077dc8ac5cd7b7325
SHA256 cbdd4c67fd25cfa72ef51868f65db9a88be8690c0e595a05d3705ef75882ed29
SHA512 d23fa8a7f7d327048b538ec45b9bfb6085cad967445479c978eb6f8121522f6d721c3ba3bf1048db7ac278de603282bada15d89f1537a32a0280ca6855a70ec7

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileeFdH36\prefs-1.js

MD5 42798b7d27df674e1811e8b8b9844a50
SHA1 b063b6a37f21d78055dfa8b3ecb0bffc29509550
SHA256 fb443bee164a1bd9bb55c4101941275d4759eec951b9b8b5e6864e47bc0b05fb
SHA512 283cbe02e224acbc7281b9666f2d3dbf79a078ba04f4827665a59ebe18262f698c590373c8afa75aaf9dc5fb52c34081b95a16a393e4f982071ce917ee062dbe

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileeFdH36\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileeFdH36\prefs-1.js

MD5 5a96d8edf13c474ba7386c3ab99a8eb8
SHA1 c0bf98844a3c2134554d2441fd40b25d45222f7c
SHA256 3bff71de07c8658ce1591bc84536b6523bb27e79b49e33964d5785e03368c7f8
SHA512 8b845596f030cbb2813db178e315e582e58c312cb9837d6c186c0706d87055000e5415ea3c320fbc56b2bc761e05a5beaeeeb09d3a16adfb26bfedd4a7ea8529

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileeFdH36\sessionCheckpoints.json

MD5 29ce37dc02c78bbe2e5284d350fae004
SHA1 bab97d5908ea6592aef6b46cee1ded6f34693fa2
SHA256 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693
SHA512 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYdxlbD\prefs.js

MD5 7004a4c1bc54aea90ba13f685aead914
SHA1 888d9d0b9782749d8b386229a4b714b5d6becc19
SHA256 ebb18fd2eca0a7e0d5acd4a68a99e650a54c769af54f3b994e763be803f8c4cb
SHA512 a1b9b6db5fe700767e37b84c817cf261cdea5beca059b587dbde020972ba294f7bb1e2f6d9b480c8392a90918a1381ce7b6dcbb16ac57e947087b959747e9895

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYdxlbD\prefs-1.js

MD5 767a1105d71e5878cdeb955fed2587cd
SHA1 15dd0e89b23c4920028654dae01e60b2b7461354
SHA256 e4dadc65a70b6bfb968c4538cb5831b36d4cb1c53875020b967108d07d26355a
SHA512 754213823ea36fb0a12705671ee2ed568b2d914111fbfd97db3aa5439fc535f68e033a0c576e5729bf40b183be7160b42c0d1b70c16333f0954def01a730d2d3

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileo2K4Yk\compatibility.ini

MD5 1a82e5c62ba763400daab16b2415f883
SHA1 2e0ae3fe38b00ac75dbe3ffc03ade84f0e7f936b
SHA256 5b0653ac1434963d259e2c37307206c00e6a223e2aeba808f96d453816689e82
SHA512 843a12130bbb42a1c4781497d9d9b34b1c57c491c90f146cba9f0ffa0a9c5ca9fc0074f9e94f637744f904adaf2ecfbed4807fbe15dfadabea34e9c0ad3adcba

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileo2K4Yk\WebDriverBiDiServer.json

MD5 a2af2c6420098b6dc5ab8696f74d8cb6
SHA1 52920397d6186c41b369eedec54e3ef3d5653de1
SHA256 7740e125371e9768a1d81e79aa91cd3ca527ac1974376fa03fbfa60c419a33de
SHA512 a30ae77a034e239545efbc85d90231edffe76ac9aeb54bc2fe35aee6b2ef063c0a0ac168968f48682faa27f8a7c4dc9abc8df1c33edca7c24aff3b4d96d107b4

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileo2K4Yk\datareporting\glean\db\data.safe.tmp

MD5 63b1bb87284efe954e1c3ae390e7ee44
SHA1 75b297779e1e2a8009276dd8df4507eb57e4e179
SHA256 b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a
SHA512 f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileo2K4Yk\prefs.js

MD5 6ebe95fb0493ce102c99d04e093fcd54
SHA1 7add4fe38f7f50091cc2edcd878362fc587280e4
SHA256 f915597528f86ea1dbf21fc122ff24c39dc630cd8a054afc191baa12119b30d1
SHA512 6d06499ed646c200c8333171252aa2a4722083bb00c5150fcfc9cfef36eb77029624e8c1de4d26bae9466ea350d461fc7e8ade4e7d658633e7f690215566f286

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileo2K4Yk\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 29f81cd5329141f0daed35b164eb1a4a
SHA1 ac038dcebe4d8f128745114f9c4cee43cec2ca2f
SHA256 1eab9ab21ad68ffa016d710d3634a7b037195cd5f76558a01689e01c90e027be
SHA512 0ae8687f83e262380b43da3e0d8c57a3de6b8cc07a8a486bab31050d647cce6837e690e73f4c32fe5da6038765f6db9594f6675b4c95454f7fb4479cccdaa505

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileo2K4Yk\prefs.js

MD5 2f3a407af34df94b5440b9348073161e
SHA1 03290f67fc6057d88229d078625889f75cab20d4
SHA256 af5d9b3daa7159512ca4a12e60f8ea133bc3e7964aea6c62222b721d74878f57
SHA512 c2ab2d2851df0a9a07f6949d35b31bb9a36d6f28ae3beef95d80e9bbcd2b89c16e9d15c9901cbcd630a48dd86c323fe2dc1dddad3f1e87bb61a8f7d17edea1d9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileo2K4Yk\prefs-1.js

MD5 e0cf04580347ca87915c8e3a275e1d2a
SHA1 bcaab5848d554eb88e5c23595ebc3baa42e810b2
SHA256 4bd6e46f020a71d091ee3fa9810459bea5833556d61e69322df1c5842b5957eb
SHA512 83216dd77648b96f099254546f7c4ba417f95af002528215473f618e8710fb2500f73ee7006ac96867cf5cba850c308d5b1ad19aefe400f410148f37a13f401c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileo2K4Yk\storage-sync-v2.sqlite

MD5 bff4d6361e4126d963ab7dffdc7550ce
SHA1 e2660c2f00b0aef4a81972c6a6093935d5aa40d5
SHA256 ad0828e5ff9d4188151772cd9af85827a431d122901486590c5734b62b4af2d2
SHA512 8d967c085d343d50a76cf14e88ed2fb742a7195034ddbaacd57d2c47abf0218a5f6878528a8f37c8f3b61496f61b5e254d205003af87a3cf156ba12ea59f65bc

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileo2K4Yk\content-prefs.sqlite

MD5 b15425d1f21f5708184e35493e63c8a1
SHA1 e944c1fdf56a3f6a5150b77980e89d48c7b57be2
SHA256 7a9012d1846763fe9dcb059035972a023ec29f2b9c03f865f0a6f6df6ef2a6c0
SHA512 6b54e30e0a060261bdac98ef818d1053fbabf0d6b8a17efc729942729ed6e6dddb29063b079ddb1dcd1b4edfc85a0311cf821b4b3291372c834a00733456423f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileo2K4Yk\datareporting\glean\db\data.safe.tmp

MD5 1c3c58f7838dde7f753614d170f110fc
SHA1 c17e5a486cecaddd6ced7217d298306850a87f48
SHA256 81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d
SHA512 9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiledCDDCD\prefs-1.js

MD5 c77ab65536dae14755cdf02c222c02ac
SHA1 ed362c2b7b6bd72137f482f8b9c4b794d54490b7
SHA256 ea17a0c3ec3d0819b9fd652d4300bc0c6d1425b2175bcdce0075c65ac03daa9c
SHA512 674fb7ddbd96bde1d059bbb3e8d28ea37964266577011e0ce116d0c3620e4f08f1b6778b5f337c1a906d7e81d3ac959682821c8c8dda9b3d90f48fd7451c3cb4

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile62QW2R\prefs-1.js

MD5 3bb51e15e28e5caab547f2201171e46e
SHA1 a713a5423268309170412c618df8721de9b7e0aa
SHA256 5d9000919fd9f95200f2c89953238e2dc877e33ad152a8d9f34400a4a380bb2d
SHA512 40f90d91d812dae305f4a906b8665ee83cac8015098025cd4f2307edf1a6843154e9b6abf3b1a0464e0b12a97ada150b754091cfff1e577c3daed1080b291d91

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile62QW2R\prefs-1.js

MD5 6216e78c5c9b22921195c32a7e5c91d2
SHA1 5d4256e3182f8ef402fbeb4cadfddd96b2b8b07c
SHA256 8f193b0e4f9677deb16a28231043d842f73c2d85f077f344be48f6398e359ed3
SHA512 12d682e47daea79201a437caa08296dfca29d81eeed69bd881643313715a6531fdba02c51abfc8dc15979c819a703093f69f15193394f2f6c86c98180d7e65b4

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJ4lqzq\prefs.js

MD5 30e1bf0da965430bb0348a6f99171154
SHA1 2ceeb2c11c51e6c66bfbb65ede7c3a86d06e898e
SHA256 2ea1ae20a8d7219b8b0603b4bcece1e68d48b4e0d26e2d27ca58975cb80797c7
SHA512 cbfbf13874d5285be6197abc91c25ad3e05e321c982eccdce0758a1af3743f60fdbbbac6aedf4f6a5aea5798e5f8958b5498edf16cce35aeea86c5a29ae01c9f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJ4lqzq\prefs-1.js

MD5 a4861adb1b66e33ba647e5d7eb9febf2
SHA1 e0f65a98137ce655becfa6a07f459338f1b74b89
SHA256 c4e71658f0d2e27f7d80eecd49077a9910fec956cc08d9ac61b68694672eceb8
SHA512 45363044d86f5660052fb0510fbdce489f26b9a3d9c46b9fd3eb61b7a9f7984aaf13b344b61cfef5667febfe76473900cc2e39306ccf3dc30c3617e7cfc57b0b

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile7iCRtn\prefs.js

MD5 b21012f62ab830109be3c113e628f476
SHA1 5b9e922af97815d10fd86475a8b346ee9538a333
SHA256 d4fdbbf325241e34716ee08c1c5ed4a5384da76da901fc9edb810873e6e5a5c7
SHA512 4a6a2ff60d9d4c62cec6897a7b8ad120d0d97d638ce103bd9f13264b5ef7b23118fa0df5d1f144c242371306831cc6bac1538364dd022cd9f822cbc5b4993a2f

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-09 01:55

Reported

2024-05-09 02:08

Platform

win11-20240508-en

Max time kernel

300s

Max time network

314s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Renames multiple (64) files with added filename extension

ransomware

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3980 wrote to memory of 4596 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 3980 wrote to memory of 4596 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 4596 wrote to memory of 2104 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 4596 wrote to memory of 2104 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 4596 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 4596 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 2104 wrote to memory of 4044 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 2104 wrote to memory of 4044 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 4596 wrote to memory of 3020 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\geckodriver.exe
PID 4596 wrote to memory of 3020 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\geckodriver.exe
PID 3020 wrote to memory of 4680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe
PID 3020 wrote to memory of 4680 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe
PID 4680 wrote to memory of 384 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe
PID 4680 wrote to memory of 384 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe
PID 4680 wrote to memory of 384 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe
PID 4680 wrote to memory of 384 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe
PID 4680 wrote to memory of 384 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe
PID 4680 wrote to memory of 384 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe
PID 4680 wrote to memory of 384 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe
PID 4680 wrote to memory of 384 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe
PID 4680 wrote to memory of 384 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe
PID 4680 wrote to memory of 384 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe
PID 4680 wrote to memory of 384 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe
PID 384 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe
PID 384 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe
PID 384 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe
PID 384 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe
PID 384 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe
PID 384 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe
PID 384 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe
PID 384 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe
PID 384 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe
PID 384 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe
PID 384 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe
PID 384 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe
PID 384 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe
PID 384 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe
PID 384 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe
PID 384 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe
PID 384 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe
PID 384 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe
PID 384 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe
PID 384 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe
PID 384 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe
PID 384 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe
PID 384 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe
PID 384 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe
PID 384 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe
PID 384 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe
PID 384 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe
PID 384 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe
PID 384 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe
PID 384 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe
PID 384 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe
PID 384 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe
PID 384 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe
PID 384 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe
PID 384 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe
PID 384 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe
PID 384 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe
PID 384 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe
PID 384 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe
PID 384 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe
PID 384 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI39802\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39802\geckodriver.exe --port 50017 --websocket-port 50018

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50018 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileLMppKn

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50018 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileLMppKn

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="384.0.224185712\1699106258" -parentBuildID 20240416150000 -prefsHandle 1712 -prefMapHandle 1704 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {71e70215-5b4a-44fe-863f-905989ab979e} 384 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="384.1.1675160145\698349918" -childID 1 -isForBrowser -prefsHandle 2376 -prefMapHandle 2960 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1340 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {5f73c0bf-68fe-4d8f-8e38-8bcfe2477e29} 384 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="384.2.1777961919\56456250" -childID 2 -isForBrowser -prefsHandle 3064 -prefMapHandle 2708 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1340 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {1bc5d188-122f-44b7-b3c4-c401482263f0} 384 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="384.3.998330194\1323046623" -childID 3 -isForBrowser -prefsHandle 3304 -prefMapHandle 3404 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1340 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {c17f8f37-6957-4f6c-ae2f-775ac9021e81} 384 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="384.4.1378382952\1113570918" -childID 4 -isForBrowser -prefsHandle 3552 -prefMapHandle 3556 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1340 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {9cb1643d-8f2c-4f52-b6cd-27110cb55f87} 384 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="384.5.1856910651\1928775169" -childID 5 -isForBrowser -prefsHandle 3936 -prefMapHandle 3940 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1340 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {48d9cb06-cd28-424b-9723-b4aa311aab41} 384 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="384.6.93957328\683763856" -childID 6 -isForBrowser -prefsHandle 4132 -prefMapHandle 4136 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1340 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {b43cb41a-d44f-42c5-ad69-eaabd14ff1f7} 384 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="384.7.1621128392\1959846773" -childID 7 -isForBrowser -prefsHandle 3548 -prefMapHandle 3956 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1340 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {7eb515b5-cabd-4800-99d9-391579b52e05} 384 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39802\geckodriver.exe --port 50017 --websocket-port 50018

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50018 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilePyspqO

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50018 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilePyspqO

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="3644.0.26199634\375918301" -parentBuildID 20240416150000 -prefsHandle 1700 -prefMapHandle 1692 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {2500da49-b14b-4bdc-9c09-8b182381b694} 3644 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="3644.1.2020522419\615132365" -childID 1 -isForBrowser -prefsHandle 2632 -prefMapHandle 2480 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {492b737e-2a4c-444f-9706-791b2231f439} 3644 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="3644.2.1237585109\559933889" -childID 2 -isForBrowser -prefsHandle 3120 -prefMapHandle 3116 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {4a5b5379-88a3-410b-84ff-04e353fdf724} 3644 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="3644.3.2133873990\867371125" -childID 3 -isForBrowser -prefsHandle 3584 -prefMapHandle 3240 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {5e09f17f-ee80-4191-a740-0cacb65dd01d} 3644 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="3644.4.28769241\2031121997" -childID 4 -isForBrowser -prefsHandle 3240 -prefMapHandle 3684 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {878431e4-8915-4dd6-85fb-21e7bfc874e0} 3644 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="3644.5.1376488911\1365366670" -childID 5 -isForBrowser -prefsHandle 3692 -prefMapHandle 3808 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {cea0bdf2-58cf-46dd-8f90-f427f257355d} 3644 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="3644.6.588164534\576872216" -childID 6 -isForBrowser -prefsHandle 3068 -prefMapHandle 3328 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {ce86c677-1348-46f3-bd56-00c4791b0626} 3644 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="3644.7.1443629734\1802714874" -childID 7 -isForBrowser -prefsHandle 4528 -prefMapHandle 4532 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {44b3b35e-77e4-4e77-8591-5ca4cf0fa731} 3644 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39802\geckodriver.exe --port 50017 --websocket-port 50018

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50018 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileW09zsf

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50018 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileW09zsf

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="4788.0.13042335\545085411" -parentBuildID 20240416150000 -prefsHandle 1696 -prefMapHandle 1688 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {a8b09aea-4652-4c0f-8a0d-ee68154b34b4} 4788 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="4788.1.1600885638\1639975986" -childID 1 -isForBrowser -prefsHandle 2788 -prefMapHandle 2704 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {ea181245-5d02-4180-88b9-a77e94964815} 4788 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="4788.2.723655259\2118546986" -childID 2 -isForBrowser -prefsHandle 3068 -prefMapHandle 3064 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {df2764ec-56ca-4523-b6b9-e87916c270c6} 4788 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="4788.3.1292313983\1384764315" -childID 3 -isForBrowser -prefsHandle 3672 -prefMapHandle 3676 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {655ebbf2-a8e0-4e5f-8cc4-0564f835b621} 4788 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="4788.4.2002318270\772469269" -childID 4 -isForBrowser -prefsHandle 3152 -prefMapHandle 3164 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {ff8bd23d-59df-4133-9ea5-259496bcd0eb} 4788 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="4788.5.226009808\1392220364" -childID 5 -isForBrowser -prefsHandle 3224 -prefMapHandle 3208 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {f3c520dc-3fd6-4f95-afe4-7ffedd3fa2d0} 4788 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="4788.6.1390253876\253962493" -childID 6 -isForBrowser -prefsHandle 4016 -prefMapHandle 4020 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {bf261bef-bbdb-492e-b8fd-bbc2bfb5cb71} 4788 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="4788.7.103533016\903476252" -childID 7 -isForBrowser -prefsHandle 4456 -prefMapHandle 4460 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {f794db18-3112-47bd-a530-9eb2a8da6477} 4788 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="4788.8.1324865504\887727100" -childID 8 -isForBrowser -prefsHandle 4456 -prefMapHandle 4628 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {ea70722a-c381-43b9-be13-20ae91249881} 4788 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39802\geckodriver.exe --port 50017 --websocket-port 50018

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50018 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile4rQx1e

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50018 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile4rQx1e

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="1056.0.1277650047\415876658" -parentBuildID 20240416150000 -prefsHandle 1760 -prefMapHandle 1620 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {7fe26511-3ec2-4f0e-9e2f-528e2d47f5ca} 1056 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="1056.1.1154434676\566153427" -childID 1 -isForBrowser -prefsHandle 2740 -prefMapHandle 2472 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {f0c3393e-e8a6-486c-aaec-41105d5bd74f} 1056 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="1056.2.1943330231\433449188" -childID 2 -isForBrowser -prefsHandle 3136 -prefMapHandle 3132 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {2c67a734-e71f-42d9-82af-ff362c447a20} 1056 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="1056.3.1840084596\1239855981" -childID 3 -isForBrowser -prefsHandle 3552 -prefMapHandle 3336 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {33508e64-e632-4184-a58a-72520927a981} 1056 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="1056.4.1815938440\1380823307" -childID 4 -isForBrowser -prefsHandle 1612 -prefMapHandle 1608 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {615f9f65-e93b-4bf0-9e57-3ac6ff479cff} 1056 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="1056.5.718655672\2057740962" -childID 5 -isForBrowser -prefsHandle 3932 -prefMapHandle 3936 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {60e2ceb9-8292-4d6e-abb3-44b4adaee99f} 1056 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="1056.6.561470486\279058613" -childID 6 -isForBrowser -prefsHandle 3920 -prefMapHandle 4120 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {58bf20f3-ef32-44e5-9663-fbfadec5a0bd} 1056 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="1056.7.1922469580\980823423" -childID 7 -isForBrowser -prefsHandle 4596 -prefMapHandle 4592 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {795833c2-01af-40a9-a2a5-2155791dcfb7} 1056 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="1056.8.61211210\91688704" -parentBuildID 20240416150000 -prefsHandle 8692 -prefMapHandle 8688 -prefsLen 27362 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {b3a3846d-af29-49f4-b4a7-9a7ed53a53c5} 1056 rdd

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="1056.9.1556901687\1006790798" -parentBuildID 20240416150000 -sandboxingKind 1 -prefsHandle 3972 -prefMapHandle 8524 -prefsLen 27362 -prefMapSize 245849 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {5e038dbc-5034-48a4-9f6e-b81a5cd5955a} 1056 utility

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="1056.10.1433631733\1889256644" -childID 8 -isForBrowser -prefsHandle 8320 -prefMapHandle 8324 -prefsLen 25367 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {2241a6f6-7d3d-4135-8415-ed293dee99b2} 1056 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39802\geckodriver.exe --port 50017 --websocket-port 50018

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50018 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile34q0pE

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50018 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile34q0pE

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="1604.0.1633912391\1934568430" -parentBuildID 20240416150000 -prefsHandle 1692 -prefMapHandle 1684 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {582ccbaf-5662-4b98-9f64-c30604cd8125} 1604 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="1604.1.716622018\1039922915" -childID 1 -isForBrowser -prefsHandle 2256 -prefMapHandle 2288 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {f4f81aba-1849-49ac-a8ca-05f9c9ba1048} 1604 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="1604.2.966669908\190017617" -childID 2 -isForBrowser -prefsHandle 3092 -prefMapHandle 3088 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {ef2265d8-b608-4c3d-b8bd-ab4ed121b5a8} 1604 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="1604.3.156936420\1869932382" -childID 3 -isForBrowser -prefsHandle 3116 -prefMapHandle 3112 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {546dc69d-c32d-4bda-91ed-ad6cd8f20173} 1604 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="1604.4.717422857\624120633" -childID 4 -isForBrowser -prefsHandle 3992 -prefMapHandle 3988 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {492e8510-a3ff-40d8-becb-57e6f22ab522} 1604 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="1604.5.660916003\1690816918" -childID 5 -isForBrowser -prefsHandle 3264 -prefMapHandle 3408 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {40aebfd7-e88d-417e-b78a-b909ebc07b78} 1604 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="1604.6.1321834515\1889238767" -childID 6 -isForBrowser -prefsHandle 4224 -prefMapHandle 4220 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {36c94553-0124-44d5-a63b-c287e8d587a9} 1604 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="1604.7.861335717\1984456288" -childID 7 -isForBrowser -prefsHandle 3468 -prefMapHandle 4232 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {4d99f01d-d7ae-4cd8-a690-e868039bc342} 1604 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="1604.8.172373113\488295392" -childID 8 -isForBrowser -prefsHandle 2520 -prefMapHandle 2280 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {3cba688b-e8df-4317-8269-f49950df72de} 1604 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39802\geckodriver.exe --port 50017 --websocket-port 50018

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50018 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNWFhg5

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50018 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNWFhg5

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="2060.0.1803672635\356800384" -parentBuildID 20240416150000 -prefsHandle 1700 -prefMapHandle 1692 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {640115fd-77e7-4bb9-b9b1-6d301f738ed9} 2060 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="2060.1.991484988\121425986" -childID 1 -isForBrowser -prefsHandle 2292 -prefMapHandle 2556 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {ee22af6e-d728-4cf6-8fdc-9b672490a441} 2060 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="2060.2.909911771\222978175" -childID 2 -isForBrowser -prefsHandle 3080 -prefMapHandle 3076 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {beb84dc7-beee-42ed-a5a5-a4cb067f97de} 2060 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="2060.3.278302284\2034039030" -childID 3 -isForBrowser -prefsHandle 3684 -prefMapHandle 3332 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {3346fa16-5251-4fc9-afbf-6a68cda12ce2} 2060 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="2060.4.420714626\304003375" -childID 4 -isForBrowser -prefsHandle 3888 -prefMapHandle 3884 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {587f0aee-5674-4138-9a5f-b8c9b5d23f61} 2060 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="2060.5.114673464\1320237536" -childID 5 -isForBrowser -prefsHandle 3172 -prefMapHandle 3188 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {6aec88af-6667-42a3-bb3f-a9e282b0ee4b} 2060 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="2060.6.1040721453\1100498330" -childID 6 -isForBrowser -prefsHandle 4104 -prefMapHandle 4108 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {55647300-4c9e-487e-9a47-49999a4772bf} 2060 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="2060.7.172432084\993142977" -childID 7 -isForBrowser -prefsHandle 4488 -prefMapHandle 4508 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {7aa9fa52-9a50-4ef9-92f0-1795f66b6934} 2060 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39802\geckodriver.exe --port 50017 --websocket-port 50018

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50018 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSJULzR

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50018 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSJULzR

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="2540.0.1548833782\1525662133" -parentBuildID 20240416150000 -prefsHandle 1716 -prefMapHandle 1708 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {17bf9660-cd80-4c01-b1d0-37498dc33597} 2540 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="2540.1.1663478587\1193901790" -childID 1 -isForBrowser -prefsHandle 2404 -prefMapHandle 2512 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {7955bc90-7640-4d0b-8fa0-4df350a60b11} 2540 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="2540.2.868555739\1429123505" -childID 2 -isForBrowser -prefsHandle 3088 -prefMapHandle 3084 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {7d4be07b-e8b6-4c45-992b-86eeb2fef914} 2540 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="2540.3.1344625653\1368838681" -childID 3 -isForBrowser -prefsHandle 3124 -prefMapHandle 3204 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {3c84bdfd-d2bd-4159-b83e-87aeefba13f6} 2540 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="2540.4.978148832\2079321253" -childID 4 -isForBrowser -prefsHandle 3716 -prefMapHandle 3732 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {daebd0f7-3eec-434d-b161-79ea92d22cf7} 2540 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="2540.5.1916594576\759497599" -childID 5 -isForBrowser -prefsHandle 3736 -prefMapHandle 3912 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {1192d176-5143-40c1-b6c7-b083ca81043e} 2540 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="2540.6.2130471017\1887185754" -childID 6 -isForBrowser -prefsHandle 4068 -prefMapHandle 4072 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {612be01e-a037-46cf-99cc-25df173d61e0} 2540 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="2540.7.401479051\804838834" -childID 7 -isForBrowser -prefsHandle 3116 -prefMapHandle 3784 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {c789c68e-546c-4df8-b884-d21c70be9ce6} 2540 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="2540.8.987931885\472124922" -childID 8 -isForBrowser -prefsHandle 8744 -prefMapHandle 8748 -prefsLen 25367 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {0bfda0c4-6f2a-4d00-9286-d0ac1e1717ee} 2540 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="2540.9.477540248\1521260317" -childID 9 -isForBrowser -prefsHandle 8372 -prefMapHandle 8716 -prefsLen 25491 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {5a887348-711a-4efa-892b-10cdd512c670} 2540 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39802\geckodriver.exe --port 50017 --websocket-port 50018

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50018 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5YM8pj

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50018 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5YM8pj

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="3340.0.1970404927\1509092492" -parentBuildID 20240416150000 -prefsHandle 1724 -prefMapHandle 1716 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {3a00f584-0045-4e9d-8104-938dc26f0ec2} 3340 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="3340.1.1448930380\1007062449" -childID 1 -isForBrowser -prefsHandle 2588 -prefMapHandle 2404 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {da529d7e-c1d0-46de-a4c8-8f8a22a7003d} 3340 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="3340.2.1327068543\435182388" -childID 2 -isForBrowser -prefsHandle 3068 -prefMapHandle 3064 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {21fdffa8-d1fb-4438-8a2d-6b558a128caf} 3340 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="3340.3.361997399\123699854" -childID 3 -isForBrowser -prefsHandle 3320 -prefMapHandle 3504 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {0164947b-8278-4b1b-b950-8bbbc8005cbf} 3340 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="3340.4.353647840\905257220" -childID 4 -isForBrowser -prefsHandle 3092 -prefMapHandle 3180 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {cfdf2a22-7a3e-4c2e-a80e-dabee5690a85} 3340 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="3340.5.294663458\1617184008" -childID 5 -isForBrowser -prefsHandle 3124 -prefMapHandle 3196 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {71ef8d39-e6b2-4d7f-b4eb-44155a0918f1} 3340 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="3340.6.196026434\1992448843" -childID 6 -isForBrowser -prefsHandle 4004 -prefMapHandle 4008 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {0127e145-5d3a-4566-a789-f6e132befbbf} 3340 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI39802\geckodriver.exe --port 50017 --websocket-port 50018

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50018 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileIQ73FN

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50018 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileIQ73FN

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="1440.0.2110311081\2044288203" -parentBuildID 20240416150000 -prefsHandle 1716 -prefMapHandle 1696 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {15d718dd-dd19-4385-ac2e-c43a00832eb3} 1440 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="1440.1.551168472\1264215961" -childID 1 -isForBrowser -prefsHandle 2784 -prefMapHandle 2596 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1348 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {df8f08a2-0a01-43e2-a0e7-099e89c3d6d5} 1440 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="1440.2.301864554\1066112392" -childID 2 -isForBrowser -prefsHandle 3080 -prefMapHandle 3076 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1348 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {ccc40e70-831b-4574-8421-7f3a5b61a38a} 1440 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="1440.3.2018522163\298704047" -childID 3 -isForBrowser -prefsHandle 3088 -prefMapHandle 2572 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1348 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {d45924db-1b25-4361-a22c-0e8e8b27e82b} 1440 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="1440.4.858793154\1288452208" -childID 4 -isForBrowser -prefsHandle 3680 -prefMapHandle 3616 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1348 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {20ec4c00-7dd8-48ec-a605-39091fcfa552} 1440 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="1440.5.358609378\488669345" -childID 5 -isForBrowser -prefsHandle 3816 -prefMapHandle 3820 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1348 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {ab1e9d06-b655-423d-a946-770bc18ab40d} 1440 tab

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe" -contentproc --channel="1440.6.1679652324\1295411480" -childID 6 -isForBrowser -prefsHandle 4092 -prefMapHandle 4088 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1348 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\browser" - {34cb010b-bfee-456e-af87-6122f9ffeeda} 1440 tab

Network

Country Destination Domain Proto
DE 31.220.93.201:443 tcp
US 8.8.8.8:53 201.93.220.31.in-addr.arpa udp
DE 185.220.101.140:11140 tcp
EE 94.131.15.74:443 tcp
US 8.8.8.8:53 140.101.220.185.in-addr.arpa udp
US 8.8.8.8:53 74.15.131.94.in-addr.arpa udp
N/A 127.0.0.1:50120 tcp
N/A 127.0.0.1:50122 tcp
N/A 127.0.0.1:50017 tcp
N/A 127.0.0.1:50017 tcp
N/A 127.0.0.1:50225 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50233 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50017 tcp
N/A 127.0.0.1:50017 tcp
N/A 127.0.0.1:50017 tcp
N/A 127.0.0.1:50575 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50583 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50017 tcp
N/A 127.0.0.1:50017 tcp
N/A 127.0.0.1:50017 tcp
N/A 127.0.0.1:50909 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50917 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50017 tcp
N/A 127.0.0.1:50017 tcp
N/A 127.0.0.1:50017 tcp
N/A 127.0.0.1:51263 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:51271 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:50017 tcp
N/A 127.0.0.1:50017 tcp
N/A 127.0.0.1:50017 tcp
N/A 127.0.0.1:51726 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:51734 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:50017 tcp
N/A 127.0.0.1:50017 tcp
N/A 127.0.0.1:50017 tcp
N/A 127.0.0.1:52091 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:52099 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:50017 tcp
N/A 127.0.0.1:50017 tcp
N/A 127.0.0.1:50017 tcp
N/A 127.0.0.1:52436 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:52444 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:50017 tcp
N/A 127.0.0.1:50017 tcp
N/A 127.0.0.1:50017 tcp
N/A 127.0.0.1:52850 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:52858 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:50017 tcp
N/A 127.0.0.1:50017 tcp
N/A 127.0.0.1:50017 tcp
N/A 127.0.0.1:53150 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:53158 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI39802\python38.dll

MD5 26ba25d468a778d37f1a24f4514d9814
SHA1 b64fe169690557656ede3ae50d3c5a197fea6013
SHA256 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128
SHA512 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

C:\Users\Admin\AppData\Local\Temp\_MEI39802\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\_MEI39802\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

C:\Users\Admin\AppData\Local\Temp\_MEI39802\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

C:\Users\Admin\AppData\Local\Temp\_MEI39802\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

C:\Users\Admin\AppData\Local\Temp\_MEI39802\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

C:\Users\Admin\AppData\Local\Temp\_MEI39802\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

C:\Users\Admin\AppData\Local\Temp\_MEI39802\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 47539d0337e97e22a728afc2638d461f
SHA1 d97b37079543b33b9b605c787945f809aed66fd6
SHA256 262e52c5bbaa9bcd2dfcb4cf7da83a1efa95ebd0299f82031ad31a6ab19405a5
SHA512 3810ebe80173d41785a42459fc5c4a8a31e56294f2c03fe99416925a34d242b88023565057201c9b6dcbdb97c8396d8305a723c0e31bb5b560b031b299672d4a

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\tmp284e6axx\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI39802\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

C:\Users\Admin\AppData\Local\Temp\_MEI39802\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

C:\Users\Admin\AppData\Local\Temp\_MEI39802\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

C:\Users\Admin\AppData\Local\Temp\_MEI39802\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI39802\top-1m.csv

MD5 ba0857be5e9736dde1f5cc44edd5d21b
SHA1 b130759907909cc97bfe0d9a1fd65b8942c931aa
SHA256 7800cdef850c31931b2b520a42f858c4feb5ca86d6b3789e6173a02e909595ca
SHA512 08446902bc588e323b8fc551502ff869be6c2bb64f788d1bebfcc30a04c3e589b0616e84fc55de3d81d7b19b26e690024a442e6a27096808bc613bcecf3f6db4

C:\Users\Admin\AppData\Local\Temp\_MEI39802\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI39802\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI39802\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI39802\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI39802\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI39802\geckodriver.exe

MD5 f60c542253cbe94f762e15c7b064b55d
SHA1 7a32f034217266db6d799893edc976e891a82944
SHA256 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa
SHA512 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca

C:\Users\Admin\AppData\Local\Temp\_MEI39802\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

C:\Users\Admin\AppData\Local\Temp\_MEI39802\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Local\Temp\_MEI39802\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus

MD5 80e882ce8268212cf4db9fbe44f95336
SHA1 85abc152168a20d8db2c6501aa43a97ea72efc8c
SHA256 32c7fa19bdf922f35368bbda1fd91b30fae89f7e8615c8224901e4e3454ee937
SHA512 eb6fc2086c0c5b1e2207c675e49713961246559ade42f65f5e1d51e6139e503eacceaa57542664f7161dc320df0403d90bc85e499aa2d0f09c4a3d4236920cd5

C:\Users\Admin\AppData\Local\Temp\_MEI39802\Tor Browser\Browser\firefox.exe

MD5 65aa9b0f57d72e4d70e9226322221adc
SHA1 85fec174d0977afd8c0100c9d9b53c958e1949bf
SHA256 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410
SHA512 f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

memory/3804-493-0x00007FFB6EF40000-0x00007FFB6EF41000-memory.dmp

memory/3804-492-0x00007FFB6F5F0000-0x00007FFB6F5F1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileLMppKn\prefs.js

MD5 a3b4252d87ef4d930010226c25360f56
SHA1 19c2d4bd61a3f689e0f82df339694d37f553764a
SHA256 148d92fcdc8712a0d3f6685b8c4b48a128ae650eac3c476125475d040b471316
SHA512 2e2ef4baf1fe850b190985b045d7d3ecfe6fe9f5c9fc9b7491abb67d4f3e4fd8473fbe34c7f7a31c5200cd3c6041aad3240aa2f1f69d6baf32ce6ffab8444cf7

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileLMppKn\extensions.json

MD5 65c80e09c70b3efae43fe07c5dd17e37
SHA1 cb379107b4f5a589a2a87fe010fa9b768544cf7a
SHA256 0c04946d957133833c1138e74dbb323cabc7205424fc7b7ba2793cc4f72c77ae
SHA512 c4fdc56eb6e2412711db079bf48cee036d83098c6cdfc8915331b0158842ba58f3019265236df196e5c6e4e18b73123d2e8d07ea11c0d45aea4bcdeab262a1e2

memory/384-570-0x000001F51F860000-0x000001F51F870000-memory.dmp

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 71f874872daecf7c8c9708bdd12c772c
SHA1 4d20cb0a3057b4af7ad4b4ce3aae66c15e5abd02
SHA256 b3f49bc248e99a7beb8e6da591d0a6b138e339597dd1e74d37f63d274ab718ae
SHA512 562ec8cb0e96eb8402ba282e0f9c63cfb83c23ffee356fe344b490e56865c5d3063b099bc5834daefd5b8df120f6a3c807a1ecc9bccafc5473d69315a4bee4ba

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileLMppKn\prefs-1.js

MD5 06c83320f764073ebaa42123f3da45e4
SHA1 3ebeafad2b95fdd243e2e5acce762142db398315
SHA256 7cd603642961b9f0c3092cacbe79dd4f10fe8e100b7ab4b3e72c32eb66b8737c
SHA512 465e862f64c55bbb588804856478ba9b6e2d877b5027ca769abcdd52c390b49df7f5c6ec4d996970461f4253bbd91c25a58f1003a670e30a71c3d1b500cd4452

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilePyspqO\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilePyspqO\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

memory/3644-852-0x000001E58EDC0000-0x000001E58EDD0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilePyspqO\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilePyspqO\startupCache\webext.sc.lz4

MD5 65cef89120ea2403ba8cde0125b2f99c
SHA1 a1150eb39676d7a2b69523a45ea98a6f2cee3ee7
SHA256 e2598a3c958f64acfed7dc884c4d8eca330a02741cb49c3fa1c172dd862cdf3d
SHA512 69ceeaeca4b0d71a299599a937374cef8fd5ec8ca79b1a89167d6c58edc52251f88f4e9ecf08e6c9d454957be4710c22df5b8d36aae29b669aeab56a5228d063

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilePyspqO\prefs-1.js

MD5 0e46aaf2c957de4bc5b8467726a40e12
SHA1 3263911b9e875e348d7a0ef1d844d3c9a9ca9ec4
SHA256 688669efe2ef820d2928077067fda4db697d4d51f28b45b3a6fb5f6ca3d19127
SHA512 c42498613c7278a44c6d2cec04c99b2cf70b7fe72c4396c2b7eb441b48b0c5a0186f4298fc1a573910dbde6bfafb6c89fe770624d5a376a4f496f23af7b04786

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilePyspqO\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilePyspqO\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilePyspqO\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilePyspqO\sessionCheckpoints.json.tmp

MD5 29ce37dc02c78bbe2e5284d350fae004
SHA1 bab97d5908ea6592aef6b46cee1ded6f34693fa2
SHA256 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693
SHA512 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilePyspqO\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileW09zsf\user.js

MD5 3cce8d3c9a6d0a49cad3156699e190df
SHA1 0704429f75fec0f8a34420de22028291b243691c
SHA256 f8334fe437d133563f030622777e6089b57553df1237d5e4e8b97adf66e75fe6
SHA512 939dcdd0dd3fe52d5997470ed515da465a584cebe58c9b5efd3761caec63857139944a5d3450c1bbc8717ca292840867992dadb0646522b131fb6ee40ecfe329

memory/4788-1148-0x0000017551B20000-0x0000017551B30000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileW09zsf\datareporting\glean\db\data.safe.tmp

MD5 7d3d11283370585b060d50a12715851a
SHA1 3a05d9b7daa2d377d95e7a5f3e8e7a8f705938e3
SHA256 86bff840e1bec67b7c91f97f4d37e3a638c5fdc7b56aae210b01745f292347b9
SHA512 a185a956e7105ad5a903d5d0e780df9421cf7b84ef1f83f7e9f3ab81bf683b440f23e55df4bbd52d60e89af467b5fc949bf1faa7810c523b98c7c2361fde010e

memory/4788-1219-0x0000017546630000-0x00000175467A0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileW09zsf\prefs-1.js

MD5 5e28c3340be8d74a0fb87ae6298a48a2
SHA1 2510b21c405d445507f22ff9452317b837e3e147
SHA256 969e5432f0d156080c98da72569081a250f06427a5436f6bb6ef72e100815c29
SHA512 059ea5fc63768d56cf7f92c6a862e6e0710279635997d006435bf0db49d0a9621c13aac32589381e5cf0b1665d44cd01af7fccfe3a98c541235e335233b9ff58

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileW09zsf\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile4rQx1e\prefs.js

MD5 55ea080025b7bb0832ad4f557f2706a6
SHA1 4d9836cf6d18e606abb9a0d3efd9fd7f76c5719d
SHA256 b6d65390679bcb3cb686196c247e5f81c77967fa232f47a6e64e743dcbedf195
SHA512 7a662e13d53296419d5a16097c9162595c54694e6bdf317b02acb2b7323c8cb4e9fe58ba690f42a850543f2d4f0458109437f30430b5ac1fd9b9d7cd5c335ff8

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile4rQx1e\prefs.js

MD5 db168115552f3506f796244e195739de
SHA1 7705e813d19ed71375e4d22d6d31f4cab125068b
SHA256 85f9dace2726e62a175921bbe04fe7302ee721bcc2c27a813deba53b5e9abf44
SHA512 4816eaf95f8eb3afd27ab07cf399e015f6bc6fdc604eb100ad9962b6a783cecad0cf05f42fbf711ce3faba890002fee919501386f8448148ac591dd223f959e4

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile4rQx1e\prefs-1.js

MD5 e6af1449d542fb111034508394ba7ec9
SHA1 ce4abee9928e4ac80454b713c2601cda300b3406
SHA256 9a087f44941ade946b573a5fbb4e1115eee7d44552689c61ef6ff51248d1ab43
SHA512 0074cb6f1dd5f2825aa9ab9e18d4f552a18b36f7825c531a4ad1c4531adfeb3bae15d7babaa60d3dc12bf2497a52ae6e6cf7e1888794aeb5fc6fef560e5d8d48

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile4rQx1e\datareporting\glean\db\data.safe.tmp

MD5 63b1bb87284efe954e1c3ae390e7ee44
SHA1 75b297779e1e2a8009276dd8df4507eb57e4e179
SHA256 b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a
SHA512 f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile34q0pE\compatibility.ini

MD5 900e186ee4e135e3fcdc068599e2b3f5
SHA1 07f53315e7553d6bb546f595bb7ed1145682c313
SHA256 2c583266d13eb97852073bf6a51b18522add19dddf78d4623d96c272cc70f317
SHA512 56e8476026347a5bbf5471c2cbb5c831c741a97ab02b7fccefab8ca89219a75eb5460607f43c019f66de3b30579c8856b5e5ff6b54710a119e6d8d27805a3767

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile34q0pE\WebDriverBiDiServer.json

MD5 faedef1fa13eb9b65f0f8bc3471fff0e
SHA1 b781a11fbc1c8041d3aed514bcf4d4eead4d6770
SHA256 00b587155e1151f15f45cbd3d16bce774a55042dfbf4319748ec14ce61cacf60
SHA512 3e8b736c641d11782a202b70b1ad01a1ae7026735a610b93fb32aa86be45fc588527f7cdfc2b7bfdefd65c7a3ac955e036755336bbe900ddbe7eaca695aa3341

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile34q0pE\datareporting\glean\db\data.safe.tmp

MD5 c58234a092f9d899f0a623e28a4ab9db
SHA1 7398261b70453661c8b84df12e2bde7cbc07474b
SHA256 eaec709a98b57cd9c054a205f9bfa76c7424db2845c077822804f31e16ac134c
SHA512 ae2724fc45a8d9d26e43d86bcc7e20f398d8ab4e251e89550087ace1311c4d2571392f2f0bed78da211fcb28766779c1853b80742faa69f722b2c44c283569fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile34q0pE\startupCache\scriptCache-child-new.bin

MD5 f5d1636ce3602881a361d6b4ef15f97c
SHA1 6976e01e8f57aefc8a626d3b8967aa3a056930f9
SHA256 01565f73663b891f84d82db21727226d9d0c622d3a43af33a0aa332ebf56d27c
SHA512 fb0525447422216487f6b2cd6911a831af358f5d8fe97742db91541085e230841bb8a70460ebe29de85fd34020ccf4fd510719fad646338431203f23a14ea0bd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile34q0pE\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 28c0465c18a9ba70534246d84dbbe698
SHA1 42eb48279cfa25ead89a434773891c16f0951c05
SHA256 eaf6e4d3c521975facab872c1cfcf72e10cc36f01ead618acac4db99d1cf3011
SHA512 7ac0211079fb70b68d8f00340385b0f67ba732bf3cc3b44ef6ab6c176c121869b7b570b7bebf1fcf0cd7f90ad35a99d807b28b4620f2514379632149e78e351c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile34q0pE\prefs-1.js

MD5 238079d42de8ffcdde0a9399d8f1ac3e
SHA1 a71b1e46dd8fb9d439f5c71b7c989957dbf711d5
SHA256 8814e1938c591aebad15f8c493970fca11a527999b79d6e90d2e1cd75bff679a
SHA512 72f6d4f380ee726536becb8afd388b51316fadda69c5382ef0192b3e52a044187a434108da13315bf884a9ce6cfbc0b3833b4cb0d8e5b27685ada5f2f83f31f7

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile34q0pE\content-prefs.sqlite

MD5 b15425d1f21f5708184e35493e63c8a1
SHA1 e944c1fdf56a3f6a5150b77980e89d48c7b57be2
SHA256 7a9012d1846763fe9dcb059035972a023ec29f2b9c03f865f0a6f6df6ef2a6c0
SHA512 6b54e30e0a060261bdac98ef818d1053fbabf0d6b8a17efc729942729ed6e6dddb29063b079ddb1dcd1b4edfc85a0311cf821b4b3291372c834a00733456423f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile34q0pE\storage-sync-v2.sqlite

MD5 bff4d6361e4126d963ab7dffdc7550ce
SHA1 e2660c2f00b0aef4a81972c6a6093935d5aa40d5
SHA256 ad0828e5ff9d4188151772cd9af85827a431d122901486590c5734b62b4af2d2
SHA512 8d967c085d343d50a76cf14e88ed2fb742a7195034ddbaacd57d2c47abf0218a5f6878528a8f37c8f3b61496f61b5e254d205003af87a3cf156ba12ea59f65bc

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNWFhg5\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNWFhg5\prefs.js

MD5 31943ed513954ca80ff30da4acb9a06f
SHA1 cb88bc03290eb43ac79ac3321b2bd5e07027e6a7
SHA256 cc96173bc3918acad0387d923ca26cdbdb87e4fbb4be6958729b0a6e15a989a8
SHA512 01cfb5a44bbfdebed9ad77ffad0e5f5d35b36f906d108823dbda9720cc6fff805f2591da59519934d31d6b390e2abfe5ba79f22710f10583deb9e10371e2b6b8

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNWFhg5\prefs.js

MD5 7f9c8cdbbd8bb8be313a2619dd3cec24
SHA1 cc1978ed313032c69fe45ad6dd201c087f464851
SHA256 ea1d04adc674fe6e6b3634cb1c1fd9599ad4869a4e7d03be410120211d11d798
SHA512 588ef929be8cb59ea54da1694cf8bdcd1698e7dd8bb7d1e083b0504b9cd7758bccaefb84570e9d2aa60ca3ae4c430ee99af110b0675d2d3243194fe6fe9eaa80

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileNWFhg5\prefs-1.js

MD5 242f48d85bff2ac712954da91570a939
SHA1 8545dd767d1a3e3ef63796523f4b44099a3b26ce
SHA256 6af7650cdd0699d13bacd49a16876c12105cde04da01d52bdc74df705b56b6f9
SHA512 f78ecceeebf3cf1203e5d82ef2558176fc22dd013880c1dc8bbd901d943bab31c6af257f4fa6fe1df04e6b1f51a4ae5f3ca4c47d1344ee68a6c27a037adca95e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSJULzR\prefs.js

MD5 ff68f31aaedbacee201733d844316ad5
SHA1 936c0ea9a082f6072367ea8ab69ed8615c871e7b
SHA256 144b548f052ff9058acdfeb0c783280a81047cb059726aabb59e1d0ea229c744
SHA512 c67dd6d8d4196a2fe274deec9ca8857797c25cfe743e17d8be25fae571eb1a86a03692dcd1ffa2d27b777c077c6cc2c9e92ded01e454619b8146ad272d594a28

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSJULzR\prefs-1.js

MD5 b8457607cc2111402fb8ed5eaa5df9e6
SHA1 e2879956e5207b34718897bb8321bf8a87b25866
SHA256 dd23468c0b607000ad274401ae57d5cab8a95ec0d031dfec17bc2359bda0a4c7
SHA512 8ada0799375d0bc807c8b42210e18e7e74858d72ccf095f35b9b74025d7985f472376ccd1db597ade2e6d45147bb5f18f9f6b6461a99ac621e1005e38635104e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSJULzR\prefs.js

MD5 dbb0a15faa63f2c2abd7df76129bb22d
SHA1 b4a009d43dcb49143a0657a3939a3c3870d02475
SHA256 96710686d2d9d9f06099cb2ab44856e9f86a38ecd6589e22b3f32bde96d199da
SHA512 654999033493098d182013b30eff98f946266ca329e0a34e3fd790f51aa60eac821c54a42c68013f31de1fb3904950188482a7391b3e91e53107a2a664e3f9c5

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSJULzR\prefs-1.js

MD5 adee910e060fdc3a856eeabae6fe725b
SHA1 c417b5023d405a58a5161023b79122076d1a7c88
SHA256 bb0deb77003894d4484d2cd2c8a0da00ba3c40f1f7ce219734b2417a63b9a53d
SHA512 92daa0ff545d182adbe15e11a8c337b3a93b2999559739d59c237a48878751b27fdaf98797bd9e2dbecbc04bfb6d6d4c211953b3358d19381da912d6ffdc4e57

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5YM8pj\prefs.js

MD5 020e6f0bcc4b38a62a91c3e1d6e84736
SHA1 8ac749e7a0d290b4f3ab7bc378ffe8c616aa6b30
SHA256 7e281d40692ae9ac7f048997f6fdc9277c146a9879b0f37294f8c5e11d966428
SHA512 c123bf018ad666d8251c0fcee210c6052755d576216c7c562772579466c0f30a7b9e4b8c27aed81a5cc6e2f34ec9ce0a636417643f8949126032fc8d278f2d30

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5YM8pj\prefs.js

MD5 9c0886eeee7f2264bf922d990029efe0
SHA1 056d9a22357c5d2f97f388336d1bea5b6d9b3267
SHA256 25ab059e4c8d9fd302e3a61c4da174c966b726c763e6eb8af585cc01989f04b1
SHA512 767afdfdada8cda1bc9207cccb7b0dcca6377ee7a9647da0d412bf3357a8b676de6bd6016ff88658b6d63242359fef69ee9b41e461713685c10fcd78d13fe64e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5YM8pj\prefs-1.js

MD5 4293d2830b716bab862fa67103f0b4e4
SHA1 d49a1e890d85ee8f43c28e8b41440703d99d774e
SHA256 687dc3f2240a4a911f36c35a16184c5d8dc4286a657743fe599182b6501fda02
SHA512 d9913994c1074cdf6395b1716709baa9adf49426e546c804868c026fba793398bc85fd34d9e9d6f4c33525862324cca9ba37853896f2fe63553150f9f0b7c5d6