Malware Analysis Report

2025-06-15 20:35

Sample ID 240509-ccjmvacb2y
Target heavy.exe
SHA256 88093c75834d60df3b4b6f4df642bb28dc749f4bd562f587fa8f9e30e97d3c5c
Tags
evasion trojan pyinstaller ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

88093c75834d60df3b4b6f4df642bb28dc749f4bd562f587fa8f9e30e97d3c5c

Threat Level: Likely malicious

The file heavy.exe was found to be: Likely malicious.

Malicious Activity Summary

evasion trojan pyinstaller ransomware

Renames multiple (55) files with added filename extension

Checks computer location settings

Unexpected DNS network traffic destination

Executes dropped EXE

Loads dropped DLL

Checks whether UAC is enabled

Detects Pyinstaller

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Checks processor information in registry

Modifies registry class

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-09 01:57

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-09 01:55

Reported

2024-05-09 02:08

Platform

win11-20240426-en

Max time kernel

300s

Max time network

306s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1052 wrote to memory of 540 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 1052 wrote to memory of 540 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 540 wrote to memory of 3216 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 540 wrote to memory of 3216 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 540 wrote to memory of 1692 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 540 wrote to memory of 1692 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 3216 wrote to memory of 1624 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 3216 wrote to memory of 1624 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 540 wrote to memory of 2436 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\geckodriver.exe
PID 540 wrote to memory of 2436 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\geckodriver.exe
PID 2436 wrote to memory of 1568 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe
PID 2436 wrote to memory of 1568 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe
PID 1568 wrote to memory of 3176 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe
PID 1568 wrote to memory of 3176 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe
PID 1568 wrote to memory of 3176 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe
PID 1568 wrote to memory of 3176 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe
PID 1568 wrote to memory of 3176 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe
PID 1568 wrote to memory of 3176 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe
PID 1568 wrote to memory of 3176 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe
PID 1568 wrote to memory of 3176 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe
PID 1568 wrote to memory of 3176 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe
PID 1568 wrote to memory of 3176 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe
PID 1568 wrote to memory of 3176 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe
PID 3176 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe
PID 3176 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe
PID 3176 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe
PID 3176 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe
PID 3176 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe
PID 3176 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe
PID 3176 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe
PID 3176 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe
PID 3176 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe
PID 3176 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe
PID 3176 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe
PID 3176 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe
PID 3176 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe
PID 3176 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe
PID 3176 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe
PID 3176 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe
PID 3176 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe
PID 3176 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe
PID 3176 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe
PID 3176 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe
PID 3176 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe
PID 3176 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe
PID 3176 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe
PID 3176 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe
PID 3176 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe
PID 3176 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe
PID 3176 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe
PID 3176 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe
PID 3176 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe
PID 3176 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe
PID 3176 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe
PID 3176 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe
PID 3176 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe
PID 3176 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe
PID 3176 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe
PID 3176 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe
PID 3176 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe
PID 3176 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe
PID 3176 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe
PID 3176 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe
PID 3176 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI10522\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI10522\geckodriver.exe --port 50006 --websocket-port 50007

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile7O2Y1x

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile7O2Y1x

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="3176.0.1773233042\16706016" -parentBuildID 20240416150000 -prefsHandle 1700 -prefMapHandle 1672 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {078c017b-64ba-43a1-806f-91b4bc260d96} 3176 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="3176.1.375945592\1076288012" -childID 1 -isForBrowser -prefsHandle 2316 -prefMapHandle 2528 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1340 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {60534d96-4be6-470a-a110-83a68849b6c7} 3176 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="3176.2.1090954582\1063731100" -childID 2 -isForBrowser -prefsHandle 3096 -prefMapHandle 3092 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1340 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {aab4e172-855a-467b-b0e1-d3fcddec0581} 3176 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="3176.3.1890830956\1729479271" -childID 3 -isForBrowser -prefsHandle 3428 -prefMapHandle 3444 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1340 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {50d18b9c-a988-4c2e-812d-e5eb94cc75fa} 3176 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="3176.4.812372120\1203371648" -childID 4 -isForBrowser -prefsHandle 3816 -prefMapHandle 3800 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1340 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {0a007736-345f-4eb6-bba1-dac31d07bfe9} 3176 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="3176.5.1535700045\1240079928" -childID 5 -isForBrowser -prefsHandle 4048 -prefMapHandle 4052 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1340 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {748d5485-9882-41a0-9ade-047c8e3144b5} 3176 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="3176.6.1525296149\1913426545" -childID 6 -isForBrowser -prefsHandle 4104 -prefMapHandle 4108 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1340 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {6bb3ec7c-c510-4d67-8139-a4a0d5ce862e} 3176 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="3176.7.894679853\1112730740" -childID 7 -isForBrowser -prefsHandle 4436 -prefMapHandle 4440 -prefsLen 25491 -prefMapSize 245849 -jsInitHandle 1340 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {3c82b566-16df-4a9b-935a-699ae5522219} 3176 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10522\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI10522\geckodriver.exe --port 50006 --websocket-port 50007

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJiAx6b

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJiAx6b

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="3612.0.565318561\1394700193" -parentBuildID 20240416150000 -prefsHandle 1692 -prefMapHandle 1672 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {6716d5cf-bd70-4729-a4ed-f87c1cd50584} 3612 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="3612.1.955475062\1675528049" -childID 1 -isForBrowser -prefsHandle 2904 -prefMapHandle 2748 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {26b4dbda-6318-4c1b-bd3d-250248aec043} 3612 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="3612.2.586109868\1238255366" -childID 2 -isForBrowser -prefsHandle 2960 -prefMapHandle 2620 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {4bcc73cc-1958-4b73-a9eb-94474b92f3c2} 3612 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="3612.3.1501495606\771655548" -childID 3 -isForBrowser -prefsHandle 3304 -prefMapHandle 3460 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {66b2118d-056d-45d8-bfd0-5891fc3110f2} 3612 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="3612.4.1750381202\454422283" -childID 4 -isForBrowser -prefsHandle 3280 -prefMapHandle 1360 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {5b59b261-8f8d-4d99-b2d5-e468402ef2d5} 3612 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="3612.5.891471759\1073535439" -childID 5 -isForBrowser -prefsHandle 3916 -prefMapHandle 3920 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {06ea9781-3042-4aea-9adf-e98f3af46ff9} 3612 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="3612.6.1514586798\739070200" -childID 6 -isForBrowser -prefsHandle 4160 -prefMapHandle 4156 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {2f0c87c4-5eca-4521-b3ac-028001b9ba59} 3612 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="3612.7.706099191\596584731" -childID 7 -isForBrowser -prefsHandle 4488 -prefMapHandle 4484 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1280 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {3c67e341-690d-4986-912f-ef003ecba3f9} 3612 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10522\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI10522\geckodriver.exe --port 50006 --websocket-port 50007

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGFKZcu

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGFKZcu

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="912.0.593913998\74446287" -parentBuildID 20240416150000 -prefsHandle 1716 -prefMapHandle 1688 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {df7e6dbe-86e8-44af-93a3-1ed083cb427e} 912 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="912.1.193901281\1099553108" -childID 1 -isForBrowser -prefsHandle 2456 -prefMapHandle 2780 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1368 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {2ca794eb-8ff2-4a54-b2cd-1fd8a8bf2999} 912 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="912.2.1766483818\2054990580" -childID 2 -isForBrowser -prefsHandle 3084 -prefMapHandle 3080 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1368 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {486ef0ab-d899-41e4-9b1b-e1caa9f22b75} 912 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="912.3.1488114644\1460898376" -childID 3 -isForBrowser -prefsHandle 3560 -prefMapHandle 3696 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1368 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {f3e43e83-b3e1-4489-8202-27405ff72e45} 912 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="912.4.2099248440\2099811835" -childID 4 -isForBrowser -prefsHandle 3128 -prefMapHandle 3144 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1368 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {dac34e44-eb32-4898-8ea7-fc4f006793c0} 912 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="912.5.362553465\74897719" -childID 5 -isForBrowser -prefsHandle 3400 -prefMapHandle 3404 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1368 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {29d8a696-dddd-4e99-b8fb-ae16ae436717} 912 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="912.6.1302106328\1641356816" -childID 6 -isForBrowser -prefsHandle 4028 -prefMapHandle 4024 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1368 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {67f79fec-8bd4-493e-84b8-6a9978253911} 912 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10522\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI10522\geckodriver.exe --port 50006 --websocket-port 50007

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9P75Z9

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9P75Z9

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="1688.0.1342661536\1048023196" -parentBuildID 20240416150000 -prefsHandle 1708 -prefMapHandle 1700 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {67bb3a98-3c98-4d33-a7f9-3f9db347ca38} 1688 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="1688.1.1475176819\1562930313" -childID 1 -isForBrowser -prefsHandle 2656 -prefMapHandle 2652 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1368 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {1aef17b7-86c1-4872-8e05-8121a9574e18} 1688 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="1688.2.188359335\2106825731" -childID 2 -isForBrowser -prefsHandle 3052 -prefMapHandle 3048 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1368 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {b9f8ad2a-2a06-4ca6-bbe8-6ce97b731fd0} 1688 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="1688.3.1580467673\218453835" -childID 3 -isForBrowser -prefsHandle 3368 -prefMapHandle 3404 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1368 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {2014f6a6-dbdc-49f1-9fd5-7629dce41acc} 1688 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="1688.4.589783942\1097812075" -childID 4 -isForBrowser -prefsHandle 3752 -prefMapHandle 3756 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1368 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {814b724f-4d1d-476e-9e23-e1a76672a122} 1688 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="1688.5.496964554\818081273" -childID 5 -isForBrowser -prefsHandle 3832 -prefMapHandle 3836 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1368 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {0591250c-2ba3-4de6-80f1-b6b8eeacaf4d} 1688 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="1688.6.1568629713\1709228599" -childID 6 -isForBrowser -prefsHandle 4048 -prefMapHandle 4052 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1368 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {e9379a3a-31c3-422a-b78d-6afdb2677aed} 1688 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="1688.7.366064499\176519087" -childID 7 -isForBrowser -prefsHandle 4420 -prefMapHandle 3452 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1368 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {beb47994-41ba-4cb3-9931-fcf5667cc5a5} 1688 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="1688.8.2118412080\1150526157" -childID 8 -isForBrowser -prefsHandle 4988 -prefMapHandle 4984 -prefsLen 25367 -prefMapSize 245849 -jsInitHandle 1368 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {e56780f3-012b-423f-a64c-d9c5bb9d4639} 1688 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10522\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI10522\geckodriver.exe --port 50006 --websocket-port 50007

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileh1IoC4

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileh1IoC4

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2132.0.422292961\207235576" -parentBuildID 20240416150000 -prefsHandle 1716 -prefMapHandle 1684 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {68e24284-211f-4697-a14d-c5ee6c5d5a60} 2132 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2132.1.1115736572\884092223" -childID 1 -isForBrowser -prefsHandle 2804 -prefMapHandle 2264 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 912 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {5c76ef06-fdff-4877-8522-60c3534d7e3c} 2132 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2132.2.746498120\1589289046" -childID 2 -isForBrowser -prefsHandle 3120 -prefMapHandle 2968 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 912 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {25f13c00-55d5-4ff8-90eb-d3a61163a664} 2132 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2132.3.830453773\2022661132" -childID 3 -isForBrowser -prefsHandle 3456 -prefMapHandle 3488 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 912 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {4514bce5-914c-4a8e-a4bb-1ff0ae85f1a5} 2132 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2132.4.808968863\1324305308" -childID 4 -isForBrowser -prefsHandle 3756 -prefMapHandle 3752 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 912 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {626e16b5-0ccb-413c-9721-6e1dc238b188} 2132 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2132.5.937993549\1753042722" -childID 5 -isForBrowser -prefsHandle 3908 -prefMapHandle 3912 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 912 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {fe832dd6-4363-4987-b842-6a976def9d91} 2132 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2132.6.1738666529\485400597" -childID 6 -isForBrowser -prefsHandle 4092 -prefMapHandle 3800 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 912 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {8fb2a529-cc16-4e69-a3f0-16eb235be419} 2132 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10522\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI10522\geckodriver.exe --port 50006 --websocket-port 50007

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileeNM3Np

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileeNM3Np

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="3416.0.650519750\791269088" -parentBuildID 20240416150000 -prefsHandle 1716 -prefMapHandle 1708 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {d4e3eed2-1934-4b25-85ab-60f0d9b62927} 3416 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="3416.1.1685022282\1014291449" -childID 1 -isForBrowser -prefsHandle 2880 -prefMapHandle 2888 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {a3d0b3dc-d66a-4918-a3ff-26d1f72733e6} 3416 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="3416.2.1961113396\1858104264" -childID 2 -isForBrowser -prefsHandle 3120 -prefMapHandle 3116 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {f9a4d5b2-57cd-49d0-a83d-e7e3300c83bd} 3416 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="3416.3.648287353\1121169380" -childID 3 -isForBrowser -prefsHandle 3640 -prefMapHandle 3636 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {9fc1d205-9d52-4396-88a5-c1bbee13311f} 3416 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="3416.4.1630909584\1342156927" -childID 4 -isForBrowser -prefsHandle 1492 -prefMapHandle 1484 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {fcb38160-da3e-4c02-9cf4-f3c88b19857d} 3416 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="3416.5.1532367480\1775259834" -childID 5 -isForBrowser -prefsHandle 3876 -prefMapHandle 3880 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {786c2118-0420-443d-903a-1150473c2c0e} 3416 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="3416.6.159338968\1452837139" -childID 6 -isForBrowser -prefsHandle 4072 -prefMapHandle 4076 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {27282c1f-344c-4a6c-81ca-b365749aaa96} 3416 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="3416.7.861900457\1977845702" -childID 7 -isForBrowser -prefsHandle 4428 -prefMapHandle 4432 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {93ccf2cd-6848-433b-b3d3-d679cdcd000d} 3416 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10522\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI10522\geckodriver.exe --port 50006 --websocket-port 50007

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile6hFXTU

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50007 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile6hFXTU

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2772.0.906903429\683652080" -parentBuildID 20240416150000 -prefsHandle 1708 -prefMapHandle 1688 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {cd8f6b78-49f3-4299-838d-5fbc697e8655} 2772 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2772.1.435150353\2032271391" -childID 1 -isForBrowser -prefsHandle 2420 -prefMapHandle 2464 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {b9bc9a1b-0296-4bc6-ab65-7e12007ae7a1} 2772 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2772.2.1033337253\668917109" -childID 2 -isForBrowser -prefsHandle 3088 -prefMapHandle 3084 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {f9af5277-196b-4a34-8c60-c56b0e99d9cb} 2772 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2772.3.711748809\500880473" -childID 3 -isForBrowser -prefsHandle 3680 -prefMapHandle 3304 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {ad145eb0-e98b-44ac-87dd-e91ff68a8a7a} 2772 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2772.4.2027473179\472230415" -childID 4 -isForBrowser -prefsHandle 3744 -prefMapHandle 3748 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {8f588e3e-9e16-4398-bd96-f2edab0f4979} 2772 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2772.5.231826297\1739382025" -childID 5 -isForBrowser -prefsHandle 3852 -prefMapHandle 3772 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {78dd213f-a022-4296-9955-6a7aefd3d896} 2772 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2772.6.1102124192\464318900" -childID 6 -isForBrowser -prefsHandle 4032 -prefMapHandle 4040 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {e182e8c6-a9d5-49d8-ba35-2a10eb329ab7} 2772 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2772.7.1898358240\1171473448" -childID 7 -isForBrowser -prefsHandle 4412 -prefMapHandle 4408 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {5ef1a232-5535-419f-a7b6-3f9effc4b5aa} 2772 tab

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2772.8.352606001\1400271949" -childID 8 -isForBrowser -prefsHandle 1596 -prefMapHandle 3752 -prefsLen 25287 -prefMapSize 245849 -jsInitHandle 1360 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\browser" - {72ceef42-f79b-4a35-8d95-405200d6419e} 2772 tab

Network

Country Destination Domain Proto
SE 193.11.164.243:9001 tcp
US 8.8.8.8:53 243.164.11.193.in-addr.arpa udp
DE 82.165.244.94:2424 tcp
NO 185.243.218.202:13443 tcp
US 8.8.8.8:53 202.218.243.185.in-addr.arpa udp
N/A 127.0.0.1:50109 tcp
N/A 127.0.0.1:50111 tcp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:50206 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50214 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:50561 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50569 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:50898 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50906 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:51163 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:51171 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:51518 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:51526 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:51858 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:51866 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:52185 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:52193 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI10522\python38.dll

MD5 26ba25d468a778d37f1a24f4514d9814
SHA1 b64fe169690557656ede3ae50d3c5a197fea6013
SHA256 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128
SHA512 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

C:\Users\Admin\AppData\Local\Temp\_MEI10522\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\_MEI10522\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

C:\Users\Admin\AppData\Local\Temp\_MEI10522\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

C:\Users\Admin\AppData\Local\Temp\_MEI10522\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Local\Temp\_MEI10522\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

C:\Users\Admin\AppData\Local\Temp\_MEI10522\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

C:\Users\Admin\AppData\Local\Temp\_MEI10522\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI10522\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

C:\Users\Admin\AppData\Local\Temp\_MEI10522\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

C:\Users\Admin\AppData\Local\Temp\_MEI10522\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

C:\Users\Admin\AppData\Local\Temp\_MEI10522\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

C:\Users\Admin\AppData\Local\Temp\_MEI10522\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI10522\top-1m.csv

MD5 b00450d17281f961371e97f4d6e0556c
SHA1 e00103eab2daba936e09faf644f425c35d4c8993
SHA256 a61cc6fd94637eed1abdd00006c4bbfcfdf347e4b91f44204f029d09980f9691
SHA512 5c77ea93e8901f692090150aee7e3e7ceade77b648a09bbd67f36bcf8e795939acad3435b508eb135bf5cd8f9386f64383925387022b66d3427dae3eccdcfe91

C:\Users\Admin\AppData\Local\Temp\_MEI10522\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

C:\Users\Admin\AppData\Local\Temp\_MEI10522\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

C:\Users\Admin\AppData\Local\Temp\_MEI10522\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI10522\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

C:\Users\Admin\AppData\Local\Temp\_MEI10522\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI10522\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI10522\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 47539d0337e97e22a728afc2638d461f
SHA1 d97b37079543b33b9b605c787945f809aed66fd6
SHA256 262e52c5bbaa9bcd2dfcb4cf7da83a1efa95ebd0299f82031ad31a6ab19405a5
SHA512 3810ebe80173d41785a42459fc5c4a8a31e56294f2c03fe99416925a34d242b88023565057201c9b6dcbdb97c8396d8305a723c0e31bb5b560b031b299672d4a

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\tmptiehk_sm\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI10522\geckodriver.exe

MD5 f60c542253cbe94f762e15c7b064b55d
SHA1 7a32f034217266db6d799893edc976e891a82944
SHA256 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa
SHA512 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca

C:\Users\Admin\AppData\Local\Temp\_MEI10522\Tor Browser\Browser\firefox.exe

MD5 65aa9b0f57d72e4d70e9226322221adc
SHA1 85fec174d0977afd8c0100c9d9b53c958e1949bf
SHA256 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410
SHA512 f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

memory/4932-485-0x00007FFDDCF80000-0x00007FFDDCF81000-memory.dmp

memory/4932-484-0x00007FFDDEAC0000-0x00007FFDDEAC1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile7O2Y1x\extensions.json

MD5 7fb18862a906e91db2a8b58f83ed0a4a
SHA1 bc5f79c5dec73469a81a977bded143fc2a5d2495
SHA256 7f115d65d7cd1bb62d8f1fc8dd01eac5f658d77ac568694c786da7ca920390e8
SHA512 1a6c5c2c601169418f264c63c816dc3ed26a8ed29253e74dec3291aabba7fe42d522cbaf4e7bcf876838864000acb24e699d11c1eb10002ddd76f1296c3815d6

memory/3176-540-0x000001CEA7630000-0x000001CEA7640000-memory.dmp

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus

MD5 80e882ce8268212cf4db9fbe44f95336
SHA1 85abc152168a20d8db2c6501aa43a97ea72efc8c
SHA256 32c7fa19bdf922f35368bbda1fd91b30fae89f7e8615c8224901e4e3454ee937
SHA512 eb6fc2086c0c5b1e2207c675e49713961246559ade42f65f5e1d51e6139e503eacceaa57542664f7161dc320df0403d90bc85e499aa2d0f09c4a3d4236920cd5

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 5d57c24881d8839add954313ba54ba53
SHA1 b61148daec1538177b07adc914c3c5e7d0dfa425
SHA256 14502cd47b9d5d16a55eac73a969f3f97593670c59949165265373e70c11c0cd
SHA512 f257a6c97f264e61a6f3352ae1c8cc255c55c522779538d30e56da7bb56d7fab66d7ef1f38133b8194be8ed3c4df53885532f56bc27ae14b21c5071fcdd69156

memory/3176-593-0x000001CE9B640000-0x000001CE9B7B0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile7O2Y1x\prefs-1.js

MD5 d903f29c7300997b8c680db7ab82e105
SHA1 9b428f8edc07c3edd17ea4864637fb26b9beb1f8
SHA256 904d2916c30654f0b0397facdcfe02ef1ebaee46451c73be8145824c5b71328f
SHA512 01f52bc2f48227370f01057d75f2313a735a7b171ea2639eae3ad8a8b2a26775a51a8662504c9e9f980621737920e7a3c9f39a485027590f6587c591b39d0751

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile7O2Y1x\prefs-1.js

MD5 33617c17bbb22793ef38a8b85a983d44
SHA1 e17c679bb7bcb74385df2f3a06e14bf2e0f0fe10
SHA256 58cf1356a5c5051a1649952048ef5526aa243d27c290a455437dfe5badc91e8e
SHA512 b41ff679ae020aa054b12e4884a4f0605faf203ded858a8e27391054e803743255be4ddc3a0153a438c9f7ba7a40f61e182f6e42e048f828ef7d1e0968748bd1

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile7O2Y1x\prefs-1.js

MD5 99eb71b4bad770fb4e204e544c5e1806
SHA1 c4dc2ddd13db487ed664df044ac3e4bb86c72159
SHA256 18f1aad8c583da31da06365d933408a61d9b00f904e23e0fbb6428909d8af628
SHA512 5091e6d541f424add8bb45881ac94e0c70f0afd1b32ea47fbb6e679bbe74996f85eb85263cbfcc9dd321eae3316095f3faa76c0c8937f8f1bdec67aad8065f69

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile7O2Y1x\prefs.js

MD5 434df8e27723ff1a211feda5825871ce
SHA1 88df46e7ab1ba728f09fb6ec5fba727d4ae39aa0
SHA256 286024bfbdc3e24448e3827d503a5fba64e76013d0fdc18e3645957f57c04f3d
SHA512 b5ae6696e46e677c040543f4e5f3aa31ed18633f731cb80ef763101a063ed0dfad9393cc13c0abe2fc4b2552359f53fe0d4a08ab5bf48a9cdccc28690309bfec

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJiAx6b\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJiAx6b\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJiAx6b\prefs.js

MD5 d365488ec8a7f471aeb22900dca09aa4
SHA1 478290bdd9c4ceac7f3d620beab9bf2d35e2f583
SHA256 599a260ce2ffca73965e412bf60aaae30ac11d4307a472f058c8f84f213c7d89
SHA512 d8d2367538b3267530df4db524364bfe2497820391de9a382a768a588d1f47a41387c8d97c53666fb09377eee07a9f19c889e74954fa2bb6d70a48ca57e6506b

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJiAx6b\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJiAx6b\startupCache\webext.sc.lz4

MD5 1f52494496df0cc17871848eb2927d37
SHA1 42daf896e3d678e5a395eb7e72de7560429b6ce1
SHA256 57ac995f3ccd96b5e69464115820481cf75fb7a3c0a4ff1d7b4a43b126d2f4d9
SHA512 ebe6fe599345005c3126ea9dd75ab93d8479a0838c0526341290806d1cd43cc7ab4b76385e6ffb2f165574ee648ae4fb02b7ca43d91d5b3cb76a8a15a36d4129

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJiAx6b\prefs-1.js

MD5 0f33d85cb53173da098f96203b7ba401
SHA1 c92fbf5b701472a55b83f4fc0d22bfb8a6b8e17b
SHA256 6df66583ec33e6ea7e4fca2ca960ea7529db851d12fdc6dada9383455cf1ba25
SHA512 2452fe3852de04f1ebbd5912463d9a68aa8af9f18ad3b193d8d348a9f98ee5581167598b93e69e829de71ffa6dac4dcac07063d4576a034a7b9314ff192e5d1b

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJiAx6b\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJiAx6b\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJiAx6b\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJiAx6b\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJiAx6b\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGFKZcu\user.js

MD5 59a22db5abfb647a712dd3dea2985ed3
SHA1 2f018efeeff6ac13fa8f80d3b5fdc120212befb2
SHA256 a2479a8b4f5db46bab8fd92a765c7a64ac3a3cdeb5eff64aa16cbc24777284b9
SHA512 337feb0747692cf40c42dd5faef76692688028b0f2187a93fbd38094ecb35bddc1ad91f642c6159b8fafac0164fae8f7fbea123783da2c153e1e5479b4449c50

memory/912-1165-0x000001EF23380000-0x000001EF23390000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGFKZcu\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGFKZcu\prefs-1.js

MD5 2370d4a084bea9949037ecdb60cabed7
SHA1 325f6d2b5105595c83636179267e6ee50be66231
SHA256 7984293aeaee0682925edb66254fe08c3f8264964cecb167c4db786fd9782009
SHA512 397b60b5a220857632c1f077fb443072df5bc93fc2e97530c6c25286b0df1de62cad73b4b0697642479692db5f6de719b33edef9a4539f0aa1eda45fb480e997

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9P75Z9\datareporting\glean\db\data.safe.tmp

MD5 7fba44cb533472c1e260d1f28892d86b
SHA1 727dce051fc511e000053952d568f77b538107bb
SHA256 14fb5cda1708000576f35c39c15f80a0c653afaf42ed137a3d31678f94b6e8bf
SHA512 1330b0f39614a3af2a6f5e1ea558b3f5451a7af20b6f7a704784b139a0ec17a20c8d7b903424cb8020a003319a3d75794e9fe8bc0aeb39e81721b9b2fdb9e031

memory/1688-1412-0x0000013A67FB0000-0x0000013A67FC0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9P75Z9\prefs-1.js

MD5 30ae5acfb784943d33e3f8872f232cd4
SHA1 bd790e6f22f2ac9959363c0ffd849fd7d4f1b175
SHA256 5ed67ae01cb6f698b8951fc0b185768d6d58f1386aa2bd0c62d52fd42b01cc89
SHA512 c4e4c2a78ca680929e2142f9542ca78780dcc838c1786be475a0caba982c779b2b736c8f4f1a05dc8f97652e65eef31afc039a8e9353f906a9268bea81bd6f7a

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9P75Z9\prefs-1.js

MD5 a31b0d78c4a97185e1dc6fbe3e4c9725
SHA1 49b819fc564acc218b491d92dcdd6c5a62157e19
SHA256 4b1fe543e844bc3e1a8577294a17d1bebdefa4b8ec2d4c03cd4c025db7522f97
SHA512 69bb60cb2a6e8528735f348724c05f9a96af657cdec21ef734c28af9a3320a798be3bb71597fc20ff90eaade90936cb11c2508ab3f1feb5deb85c274c46b3ea3

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9P75Z9\sessionCheckpoints.json.tmp

MD5 29ce37dc02c78bbe2e5284d350fae004
SHA1 bab97d5908ea6592aef6b46cee1ded6f34693fa2
SHA256 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693
SHA512 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileh1IoC4\compatibility.ini

MD5 5530b7bf862ef4fc22ccebd273909101
SHA1 48ecadec7a7683673042a0df7cf3748bedd49e56
SHA256 78541f97462a5d7c58d9e1cbea877b521b57d5d8de6cc85f1f02356b0f197547
SHA512 d104b563f40aa883147fd6c66c2c779ad19924a228ed9699b1b0178101bdb4fd72096ffcad0c20ed9f3230cce45135ad6b852b106bbe731566f1f1fbc0169cb5

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileh1IoC4\WebDriverBiDiServer.json

MD5 0cef5cb2c2455e6fa208a9992e2056f0
SHA1 31e90336ba2bb4817e7dc03d7b17db518b912858
SHA256 8698fc7ce51b1a39dabdf354ba91970fa5bc48a83d0f4fcfdbb31c03d7040820
SHA512 8646e3621f4c679d62020f44c42cecf475474743df5f55da0b64f068e8baebb601dac6a5f09577d4554805118480ce3d39451c24d4ef48129a426ad9d29d316c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileh1IoC4\datareporting\glean\db\data.safe.tmp

MD5 c58234a092f9d899f0a623e28a4ab9db
SHA1 7398261b70453661c8b84df12e2bde7cbc07474b
SHA256 eaec709a98b57cd9c054a205f9bfa76c7424db2845c077822804f31e16ac134c
SHA512 ae2724fc45a8d9d26e43d86bcc7e20f398d8ab4e251e89550087ace1311c4d2571392f2f0bed78da211fcb28766779c1853b80742faa69f722b2c44c283569fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileh1IoC4\prefs.js

MD5 3e3043e74d8baec706af8a0fa557a7cb
SHA1 7dbd92ffc89b71444714727a3d037fbe6d2d6be6
SHA256 84e12e0fb3b9feff767666d405c94ccad92da3b572c7a42a88b287865d915341
SHA512 4ffd9744b80fab7ae4330fc3a6555535fe1058d27c68854db1266a9f382aa480f7ed6eaa57d2d08cec661678898c73e19633aabe51b7830b0504feb9fbc58183

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileh1IoC4\prefs.js

MD5 162dc6599f19a9786c404c93b570642f
SHA1 7d9ed639c4aafba4b558f7cab7c201d664716790
SHA256 2fbb22f87362bb9f583a1f26834d8a3b8a42b8e11c89986b9dd6f6376381a817
SHA512 fabb5a835869e037e2e1a2b0aefcdc62729c94bfe4d9dd0b904b8a65ffccfecbaec8045704060a8a043a9c88d12f1a4c06bc5995a12adefcb7f7e0044b2557f4

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileh1IoC4\prefs-1.js

MD5 f590fce1bd62467a7182507ea0660c29
SHA1 c23a8a231436bd50957a6f77a296235bbc998b28
SHA256 5a36755eec19cdc8bc13eee7fc7f8d5a1129b2e6aa304f3a89c777efdfb4cc5d
SHA512 0f5c4dbb486c05ee02b38b1f5349e0afa6cab04141d2d976cd5567d045bd71a505d4464491117201824188b34162530bf1f2457637331ac4a823450443382547

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileh1IoC4\content-prefs.sqlite

MD5 b15425d1f21f5708184e35493e63c8a1
SHA1 e944c1fdf56a3f6a5150b77980e89d48c7b57be2
SHA256 7a9012d1846763fe9dcb059035972a023ec29f2b9c03f865f0a6f6df6ef2a6c0
SHA512 6b54e30e0a060261bdac98ef818d1053fbabf0d6b8a17efc729942729ed6e6dddb29063b079ddb1dcd1b4edfc85a0311cf821b4b3291372c834a00733456423f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileh1IoC4\storage-sync-v2.sqlite

MD5 bff4d6361e4126d963ab7dffdc7550ce
SHA1 e2660c2f00b0aef4a81972c6a6093935d5aa40d5
SHA256 ad0828e5ff9d4188151772cd9af85827a431d122901486590c5734b62b4af2d2
SHA512 8d967c085d343d50a76cf14e88ed2fb742a7195034ddbaacd57d2c47abf0218a5f6878528a8f37c8f3b61496f61b5e254d205003af87a3cf156ba12ea59f65bc

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileh1IoC4\datareporting\glean\db\data.safe.tmp

MD5 63b1bb87284efe954e1c3ae390e7ee44
SHA1 75b297779e1e2a8009276dd8df4507eb57e4e179
SHA256 b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a
SHA512 f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileeNM3Np\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 86d4c011497e62b27df8fd2446ee8b2a
SHA1 fddffe96f892fd76f56ed5e98d90ee95157c5341
SHA256 cab2a6a2cf28a2d226431e12a3e658325113ce233deb9cebd788d9bc0246645b
SHA512 38702c23d2eea977d2d936d129a252e49ef2056afda72f506bc590a84dc2451ae29ab9117335f94b361603585e8a06c952d6f0e81cf14c13f1c8da03f3f66aa7

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileeNM3Np\prefs-1.js

MD5 b701d9c5c32f2dba3c22c8467c2c6437
SHA1 b3361e804c58a26ff22e68ca231a70f2d451f49a
SHA256 1152f959589061fa23b3d948f10b65c60e85d26832288b21f4c94d5ca03d0e00
SHA512 f05be17f5d8e7b1bea45b018c96b909045e1335970ec4e16585bc46252711dcc35f6ae755126b834077585db91e54fd6e064b03ab7806bd6a57f2fff3f631412

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileeNM3Np\prefs-1.js

MD5 489b120c3eae7e62d127e45815bca712
SHA1 26bf60da13f3ec61c6d8ba0aaa2448dac0944308
SHA256 1d33949838a76048feef072f9315ba4f269bf663e34cc3bdbce738764bf5089d
SHA512 f2a0514cbacd75bce9a1a702fb4362b12cf1c6c99b073bec521faee235498973c99194e89bec91d07b32575b0d2e1f7ce640cad0ee2d4ce633182b98129d0f7b

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-09 01:55

Reported

2024-05-09 02:08

Platform

win10v2004-20240426-en

Max time kernel

301s

Max time network

307s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1452 wrote to memory of 4628 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 1452 wrote to memory of 4628 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 4628 wrote to memory of 932 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 4628 wrote to memory of 932 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 4628 wrote to memory of 4688 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 4628 wrote to memory of 4688 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 932 wrote to memory of 848 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 932 wrote to memory of 848 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 4628 wrote to memory of 3796 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\geckodriver.exe
PID 4628 wrote to memory of 3796 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\geckodriver.exe
PID 3796 wrote to memory of 3512 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe
PID 3796 wrote to memory of 3512 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe
PID 3512 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe
PID 3512 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe
PID 3512 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe
PID 3512 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe
PID 3512 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe
PID 3512 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe
PID 3512 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe
PID 3512 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe
PID 3512 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe
PID 3512 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe
PID 3512 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe
PID 2856 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe
PID 2856 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe
PID 2856 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe
PID 2856 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe
PID 2856 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe
PID 2856 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe
PID 2856 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe
PID 2856 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe
PID 2856 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe
PID 2856 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe
PID 2856 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe
PID 2856 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe
PID 2856 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe
PID 2856 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe
PID 2856 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe
PID 2856 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe
PID 2856 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe
PID 2856 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe
PID 2856 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe
PID 2856 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe
PID 2856 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe
PID 2856 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe
PID 2856 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe
PID 2856 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe
PID 2856 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe
PID 2856 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe
PID 2856 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe
PID 2856 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe
PID 2856 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe
PID 2856 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe
PID 2856 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe
PID 2856 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe
PID 2856 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe
PID 2856 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe
PID 2856 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe
PID 2856 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe
PID 2856 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe
PID 2856 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe
PID 2856 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe
PID 2856 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe
PID 2856 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI14522\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI14522\geckodriver.exe --port 51558 --websocket-port 51559

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 51559 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilevfzYGx

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 51559 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilevfzYGx

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2856.0.843690556\1102960058" -parentBuildID 20240416150000 -prefsHandle 1660 -prefMapHandle 1652 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {ba51b1f9-87bd-405f-a1fa-c10fc4a1c0ec} 2856 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2856.1.696090905\1512103116" -childID 1 -isForBrowser -prefsHandle 2552 -prefMapHandle 2568 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1220 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {07f0fe2d-b381-4d78-af55-71dfd3e013db} 2856 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2856.2.1303637032\873544667" -childID 2 -isForBrowser -prefsHandle 3160 -prefMapHandle 3156 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1220 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {facdebcc-e4a0-45fa-90bc-962f292a706f} 2856 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2856.3.648717214\990945378" -childID 3 -isForBrowser -prefsHandle 3788 -prefMapHandle 3792 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1220 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {7988ac88-0cce-4045-a92f-4309f7c7b4c4} 2856 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2856.4.277868532\687913719" -childID 4 -isForBrowser -prefsHandle 3344 -prefMapHandle 3340 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1220 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {0db8428e-9414-40d5-b7d5-5978f1d1c701} 2856 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2856.5.156517174\1924735239" -childID 5 -isForBrowser -prefsHandle 3928 -prefMapHandle 3764 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1220 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {37a51837-3ff0-4013-91c1-721c50495b38} 2856 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2856.6.555830089\933786588" -childID 6 -isForBrowser -prefsHandle 4168 -prefMapHandle 4164 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1220 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {cd340b9d-099d-4047-aa59-1b8c18e52ad2} 2856 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2856.7.850783890\1289253088" -childID 7 -isForBrowser -prefsHandle 4108 -prefMapHandle 4396 -prefsLen 25491 -prefMapSize 245849 -jsInitHandle 1220 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {b1298309-1af6-43d3-a15c-d2983cdbf0bd} 2856 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2856.8.1417360406\1023154570" -parentBuildID 20240416150000 -prefsHandle 4796 -prefMapHandle 3996 -prefsLen 27719 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {460843d7-e209-4fea-8133-a3008eb31bef} 2856 rdd

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="2856.9.1918901262\973735336" -parentBuildID 20240416150000 -sandboxingKind 1 -prefsHandle 4332 -prefMapHandle 4180 -prefsLen 27719 -prefMapSize 245849 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {2590fd18-d769-448c-8510-438d32040c5a} 2856 utility

C:\Users\Admin\AppData\Local\Temp\_MEI14522\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI14522\geckodriver.exe --port 51558 --websocket-port 51559

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 51559 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilefYwDaN

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 51559 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilefYwDaN

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="6008.0.1962458914\847547201" -parentBuildID 20240416150000 -prefsHandle 1692 -prefMapHandle 1684 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {92b04c9b-8672-4ba5-a620-f45444949d03} 6008 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="6008.1.1433186142\1469066840" -childID 1 -isForBrowser -prefsHandle 2660 -prefMapHandle 2656 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {7e5bd011-06e8-4c2a-9e90-763575f4cab6} 6008 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="6008.2.674817198\375949411" -childID 2 -isForBrowser -prefsHandle 3220 -prefMapHandle 3216 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {5720bc92-29a3-4204-8572-32586ccc43ec} 6008 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="6008.3.1010825542\959897678" -childID 3 -isForBrowser -prefsHandle 3696 -prefMapHandle 3232 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {1d06799a-e094-4823-ab31-98bb5137531c} 6008 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="6008.4.1178546909\1754330827" -childID 4 -isForBrowser -prefsHandle 3856 -prefMapHandle 3852 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {e353dd9d-71ca-4c76-94c3-698487a76df1} 6008 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="6008.5.1950570242\2118776909" -childID 5 -isForBrowser -prefsHandle 4064 -prefMapHandle 4068 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {cc5effe8-f069-4148-bba4-0492fdfb561b} 6008 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="6008.6.920604803\485535370" -childID 6 -isForBrowser -prefsHandle 4192 -prefMapHandle 4196 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {57da07c3-13b8-48bb-95c1-4c45e8a814bd} 6008 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="6008.7.1914579131\1283387999" -childID 7 -isForBrowser -prefsHandle 4588 -prefMapHandle 4260 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1268 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {0239435a-01b7-4b80-8563-01d53fa1798e} 6008 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14522\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI14522\geckodriver.exe --port 51558 --websocket-port 51559

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 51559 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQv4d17

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 51559 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQv4d17

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="3080.0.1444043224\189644004" -parentBuildID 20240416150000 -prefsHandle 1728 -prefMapHandle 1316 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {2a61eb8d-e57b-4b9c-a43d-c640e6e6dde8} 3080 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="3080.1.825937620\35031986" -childID 1 -isForBrowser -prefsHandle 2624 -prefMapHandle 2588 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {f5a590b3-52be-4e1c-a06b-c91294676e63} 3080 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="3080.2.372024039\1180014711" -childID 2 -isForBrowser -prefsHandle 3224 -prefMapHandle 3220 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {71341434-d099-44b7-9f77-bf0af11da234} 3080 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="3080.3.1070790320\402850130" -childID 3 -isForBrowser -prefsHandle 3500 -prefMapHandle 3824 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {f2652dd5-41b2-4a89-9ad1-d72619d9839f} 3080 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="3080.4.764106658\1019053579" -childID 4 -isForBrowser -prefsHandle 3408 -prefMapHandle 3516 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {85164809-9489-4280-8f3f-314f3de2d4b6} 3080 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="3080.5.549434712\1791720708" -childID 5 -isForBrowser -prefsHandle 3972 -prefMapHandle 3976 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {918b4629-984c-4542-bac2-8b52f909256b} 3080 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="3080.6.1044029356\750272146" -childID 6 -isForBrowser -prefsHandle 4156 -prefMapHandle 4160 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {aac2dcea-e92e-4dfc-b5d2-9de15e38b534} 3080 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="3080.7.2112747950\1352052181" -childID 7 -isForBrowser -prefsHandle 4536 -prefMapHandle 4044 -prefsLen 25367 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {6e045f8b-3e7d-4045-a8a7-d789a3095865} 3080 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14522\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI14522\geckodriver.exe --port 51558 --websocket-port 51559

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 51559 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile0wOScB

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 51559 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile0wOScB

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="4880.0.1704814599\1329445403" -parentBuildID 20240416150000 -prefsHandle 1704 -prefMapHandle 1696 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {4a76dd6c-3750-4462-95bd-7e7777a28e6e} 4880 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="4880.1.1354403867\865812426" -childID 1 -isForBrowser -prefsHandle 2716 -prefMapHandle 2540 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1224 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {5590579d-b29b-4647-8b1d-9161b9864ce3} 4880 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="4880.2.903469383\1200578778" -childID 2 -isForBrowser -prefsHandle 3204 -prefMapHandle 3200 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1224 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {8df7ca97-f1b6-4b44-b0ee-b0c4a5bb08b0} 4880 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="4880.3.452420389\1970242644" -childID 3 -isForBrowser -prefsHandle 3316 -prefMapHandle 3304 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1224 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {0cc633d8-a8bb-427d-abfe-d82634f18ea3} 4880 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="4880.4.2044764354\240224075" -childID 4 -isForBrowser -prefsHandle 1532 -prefMapHandle 1444 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1224 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {f1036adb-4b7f-436d-a9f9-a6fb528fc457} 4880 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="4880.5.1750846383\1360056073" -childID 5 -isForBrowser -prefsHandle 3964 -prefMapHandle 3968 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1224 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {448923e0-c5b6-42d4-baf6-0daa8b09f37b} 4880 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="4880.6.1450943790\642063120" -childID 6 -isForBrowser -prefsHandle 4144 -prefMapHandle 4148 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1224 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {ebec5606-d2bf-4009-bb2c-a47305c265d6} 4880 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="4880.7.1076850681\1368748066" -childID 7 -isForBrowser -prefsHandle 4572 -prefMapHandle 2652 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1224 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {35006930-264b-412c-9f98-72bae51840c1} 4880 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14522\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI14522\geckodriver.exe --port 51558 --websocket-port 51559

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 51559 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileL9CeLv

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 51559 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileL9CeLv

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="216.0.1687106983\338691859" -parentBuildID 20240416150000 -prefsHandle 1692 -prefMapHandle 1684 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {a69933d5-0f88-4882-8f4c-cb1d2362537b} 216 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="216.1.2147266845\2010625005" -childID 1 -isForBrowser -prefsHandle 2932 -prefMapHandle 2628 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {789a7350-9572-46f0-9731-14e5d0b7c506} 216 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="216.2.242727696\824699048" -childID 2 -isForBrowser -prefsHandle 3200 -prefMapHandle 3196 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {72e7b58f-8554-41aa-8ded-fc1a6e7c7c39} 216 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="216.3.111945887\1252642642" -childID 3 -isForBrowser -prefsHandle 3272 -prefMapHandle 3260 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {6cb18def-bf6d-41b6-8fae-535d6daf9137} 216 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="216.4.783239290\832476687" -childID 4 -isForBrowser -prefsHandle 3864 -prefMapHandle 3860 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {a385e101-ad0f-4d1f-874b-6bcfaa6d261e} 216 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="216.5.156897508\1411063262" -childID 5 -isForBrowser -prefsHandle 3944 -prefMapHandle 3948 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {41b7b070-7054-48d8-8663-9204553ec116} 216 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="216.6.931020457\414666674" -childID 6 -isForBrowser -prefsHandle 4060 -prefMapHandle 4064 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {5e23189e-db94-4cd2-8aae-907edafaf0bb} 216 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="216.7.1634593562\1794192981" -childID 7 -isForBrowser -prefsHandle 4536 -prefMapHandle 3452 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1260 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {e2d11fbd-3015-41e2-8535-07d1a6494d29} 216 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14522\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI14522\geckodriver.exe --port 51558 --websocket-port 51559

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 51559 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileLPV1kx

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 51559 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileLPV1kx

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="1084.0.214034777\285714707" -parentBuildID 20240416150000 -prefsHandle 1676 -prefMapHandle 1668 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {e7f9b5ad-fb1a-4e6c-9efb-4e6c7d76f21b} 1084 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="1084.1.813119682\2084258594" -childID 1 -isForBrowser -prefsHandle 2416 -prefMapHandle 2656 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {5ee98710-1ee1-44b7-bef7-2fefa44e8fe2} 1084 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="1084.2.207189272\1429117265" -childID 2 -isForBrowser -prefsHandle 3192 -prefMapHandle 3188 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {211da67b-3630-42f8-aff5-061519d9114a} 1084 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="1084.3.1603026714\93773213" -childID 3 -isForBrowser -prefsHandle 3240 -prefMapHandle 3316 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {7950e3a1-b21e-4856-baeb-c402df0e59db} 1084 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="1084.4.1021809633\4994614" -childID 4 -isForBrowser -prefsHandle 3436 -prefMapHandle 3832 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {594fe6e5-acd6-4200-a8e8-00a8116fcd74} 1084 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="1084.5.1248119451\477241574" -childID 5 -isForBrowser -prefsHandle 3964 -prefMapHandle 3968 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {3392ddcf-402c-41fc-b189-cebbfacded99} 1084 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="1084.6.1251563064\1695459122" -childID 6 -isForBrowser -prefsHandle 4152 -prefMapHandle 4156 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {8a5b5386-1648-4851-bbd9-69d85a050639} 1084 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="1084.7.253346288\719800871" -childID 7 -isForBrowser -prefsHandle 2492 -prefMapHandle 2584 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {781bd75d-b027-4fad-8b12-b1dc0d14404d} 1084 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14522\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI14522\geckodriver.exe --port 51558 --websocket-port 51559

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 51559 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGAvHNm

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 51559 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileGAvHNm

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="5512.0.699100786\535047136" -parentBuildID 20240416150000 -prefsHandle 1668 -prefMapHandle 1660 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {637bc6d3-4762-4354-8f9b-4544aacbc85f} 5512 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="5512.1.864986974\1554966826" -childID 1 -isForBrowser -prefsHandle 2720 -prefMapHandle 2716 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {28b19489-12a6-4321-a845-f7fe5f415a31} 5512 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="5512.2.1968066863\1624532247" -childID 2 -isForBrowser -prefsHandle 3320 -prefMapHandle 3316 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {fa342649-2074-4096-8774-ad103ee6315b} 5512 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="5512.3.1601630455\571569029" -childID 3 -isForBrowser -prefsHandle 3336 -prefMapHandle 3448 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {5704a121-7e1c-4cc6-84aa-9e93781aa70c} 5512 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="5512.4.1639821644\1729466993" -childID 4 -isForBrowser -prefsHandle 4036 -prefMapHandle 4032 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {58ae19a2-b85d-4a63-91ea-b388712b3bca} 5512 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="5512.5.1686747300\1579965969" -childID 5 -isForBrowser -prefsHandle 4104 -prefMapHandle 4108 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {d2666a33-21ad-457e-a0e8-b6ba49dbb16b} 5512 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="5512.6.1091225388\606447917" -childID 6 -isForBrowser -prefsHandle 4336 -prefMapHandle 4340 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {be5d749d-3581-4a88-ba4a-6d7e516e394e} 5512 tab

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe" -contentproc --channel="5512.7.912024563\2021062164" -childID 7 -isForBrowser -prefsHandle 4720 -prefMapHandle 4868 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\browser" - {2ce3fa7f-c4a7-4c94-a81a-aaffa08c2881} 5512 tab

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
BE 2.17.196.137:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 137.196.17.2.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
BE 2.17.196.137:443 www.bing.com tcp
DE 45.9.60.140:9001 tcp
US 8.8.8.8:53 140.60.9.45.in-addr.arpa udp
DE 45.15.157.177:443 tcp
US 8.8.8.8:53 177.157.15.45.in-addr.arpa udp
DE 23.154.177.19:443 tcp
US 8.8.8.8:53 19.177.154.23.in-addr.arpa udp
PT 85.242.70.212:9001 tcp
GB 144.48.81.150:443 tcp
US 8.8.8.8:53 212.70.242.85.in-addr.arpa udp
US 8.8.8.8:53 150.81.48.144.in-addr.arpa udp
N/A 127.0.0.1:51637 tcp
N/A 127.0.0.1:51639 tcp
N/A 127.0.0.1:51558 tcp
N/A 127.0.0.1:51558 tcp
N/A 127.0.0.1:51757 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:51765 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
US 8.8.8.8:53 udp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
US 8.8.8.8:53 udp
N/A 13.85.23.86:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
N/A 13.95.31.18:443 tcp
US 8.8.8.8:53 udp
N/A 13.85.23.86:443 tcp
N/A 127.0.0.1:9151 tcp
US 8.8.8.8:53 udp
N/A 13.85.23.86:443 tcp
US 8.8.8.8:53 udp
US 199.232.210.172:80 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:51558 tcp
N/A 127.0.0.1:51558 tcp
N/A 127.0.0.1:51558 tcp
N/A 127.0.0.1:52175 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:52183 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 25.140.123.92.in-addr.arpa udp
N/A 127.0.0.1:51558 tcp
N/A 127.0.0.1:51558 tcp
N/A 127.0.0.1:51558 tcp
N/A 127.0.0.1:52496 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:52504 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:51558 tcp
N/A 127.0.0.1:51558 tcp
N/A 127.0.0.1:51558 tcp
N/A 127.0.0.1:52821 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:52829 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:51558 tcp
N/A 127.0.0.1:51558 tcp
N/A 127.0.0.1:51558 tcp
N/A 127.0.0.1:53149 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:53157 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:51558 tcp
N/A 127.0.0.1:51558 tcp
N/A 127.0.0.1:51558 tcp
N/A 127.0.0.1:53486 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:53494 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:51558 tcp
N/A 127.0.0.1:51558 tcp
N/A 127.0.0.1:51558 tcp
N/A 127.0.0.1:53843 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:53851 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI14522\python38.dll

MD5 26ba25d468a778d37f1a24f4514d9814
SHA1 b64fe169690557656ede3ae50d3c5a197fea6013
SHA256 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128
SHA512 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

C:\Users\Admin\AppData\Local\Temp\_MEI14522\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

C:\Users\Admin\AppData\Local\Temp\_MEI14522\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Local\Temp\_MEI14522\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

C:\Users\Admin\AppData\Local\Temp\_MEI14522\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

C:\Users\Admin\AppData\Local\Temp\_MEI14522\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

C:\Users\Admin\AppData\Local\Temp\_MEI14522\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

C:\Users\Admin\AppData\Local\Temp\_MEI14522\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

C:\Users\Admin\AppData\Local\Temp\_MEI14522\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

C:\Users\Admin\AppData\Local\Temp\_MEI14522\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

C:\Users\Admin\AppData\Local\Temp\_MEI14522\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

C:\Users\Admin\AppData\Local\Temp\_MEI14522\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 f3f55cfed1db00a7ca5b252c8da9daa6
SHA1 7d701244151349bee2e580e2b791b1fc47d0f402
SHA256 630c7cb6f3d4fb4710faa84302294565a60a1ba723d331cc3002bf73f8d0431c
SHA512 de13880db5aa19cc11562eed00bbf6109d21f1ab0825c97d10c35ce4044e1eebbf7b9fe47a712546cbf129fd75e33cc1f92656742194f01e8dfe652eda1e6f9b

C:\Users\Admin\AppData\Local\Temp\_MEI14522\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI14522\geckodriver.exe

MD5 ecd8efd4cab1e6f7d84483c09c9ce6b7
SHA1 aafe438def0edbe9176f462d1e4e8c4a1883540c
SHA256 5032f5bb47f24f8e677397e347fdb4a501b0eda42f5d5aa2f5186edadf9838ec
SHA512 eb40225be2070f88465d35b56d5fd2f94ef4a9ead2306ce5c81bb2fa31b1c252e7b8f57befad32130023c5893fd1cb499c387daeb9b760ce2d008691c5359ea9

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 3523c9789f0591fb27ca293b21121386
SHA1 80372a10814348d3701d7f933e8bd3804817ab9e
SHA256 5228d4e36c2ccca13ed10a4f0df9069949481229a64f27bd62afde158b2590c0
SHA512 7c082f3586b577de6f40ad2d19ef1816866193e159363a267084e24944830cd6ec7cb19374e3393a50166f83a9e2787d3773c5ca36ca143070dc63569ead53c4

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 76751f2f03b393fca965628f50b0c8c3
SHA1 a172d5c43e37ca1e00234426cdf751ffaa0f494a
SHA256 5470d18e2c1a49035a23416e6d35e6eacd8f2f8492e40e93bbfbd673aea328db
SHA512 8f451ae2d118eacceb410ecc4779be90c911aff0bb0f0aae5827c1488deab0f77b236f61ac525fef4253c12730c3f2acb4ccf5df411e1c09a947e665ca554bd1

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 eafb41f5645a7cae998d6cd243be6ada
SHA1 fdb83d0ada365d1c95d68fa756ef28c30303e9b9
SHA256 fe7551d078fb3a6f56ce355138cf9e939ede4367cc65c8a78ebbd5acf913f963
SHA512 f971f408fd940e4e675e29aa694ce1b5394e4781cafd7c72843dd71d5ceeadcc9a89bf94ec6da2c1bb3d0137cd752db5622b4ad4c5af3a87c861fb84444aff42

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\tmpqveimvbs\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI14522\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

C:\Users\Admin\AppData\Local\Temp\_MEI14522\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI14522\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI14522\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI14522\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\tmpqveimvbs\webdriver-py-profilecopy\favicons.sqlite

MD5 f47bfead9966111964bebc8ec3163ab0
SHA1 bf3e0bd1587586df666df9f9bad15c0e3c622071
SHA256 a446a405d2ad835f44a9a9c61646c788a0bbd2158b2ba7cf0f2de4788a46629f
SHA512 eac16c18d8d5f75580aec3fdd9ed9aeb25f8469910c7e1c7f98c4d15f4151e442fe2b2cb683ddf7882e3cef2107d542e72bcdc560d498ebc9651a5bdcd018b5d

C:\Users\Admin\AppData\Local\Temp\tmpqveimvbs\webdriver-py-profilecopy\places.sqlite

MD5 53979ab0bb6af588eafd096e7ddec628
SHA1 6a8efe246b23c243d93d8f020b21cc2d49c81816
SHA256 a0b39a28c4af2db84121332570441aabd2ff293b19e5728424686f0dc87454c7
SHA512 3107d390f3588bdae429d05b7c6a3afc5d037cd7957a1b11a59ce493781a7e140a3df0cb8bd1183e6b762dc7254d0448f36673d448d109440920c8d0c664086c

C:\Users\Admin\AppData\Local\Temp\_MEI14522\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI14522\geckodriver.exe

MD5 f60c542253cbe94f762e15c7b064b55d
SHA1 7a32f034217266db6d799893edc976e891a82944
SHA256 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa
SHA512 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca

C:\Users\Admin\AppData\Local\Temp\_MEI14522\top-1m.csv

MD5 6bc719101021bb8c9e330d64b93400f0
SHA1 c417dc4af8861f15d06a357e62e3e31758b8758f
SHA256 23fceb35195ba1bc6c79c5cee901621f132380b46410d2c9ce99fb2605341462
SHA512 8a97ea8e892e05bb10cdb8bfaa1e03af719ddce07182ef42b1e8c1f89e0fffeb23736a6a98e3645e1ab942c09f3158efd13477eca1d8afe925c2e0cfa8906647

C:\Users\Admin\AppData\Local\Temp\_MEI14522\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\_MEI14522\Tor Browser\Browser\firefox.exe

MD5 4b8a97c46229512e9cdd73103b9dd509
SHA1 6b00b5f1ae7f031ab3df533bd0ee620100fc9e39
SHA256 3f00fd6dd1d025f9639e1bd3a5e0f01dd273abc095bce9886a5cbdfa2da23c0b
SHA512 d0b554cdfce241affc78e0b47a9ad605d41fb28771fe155f642f00c0824272cddb54a706eff77a3bafd84c7124e28ce09a51da10ffc97d862eb9bcf8faff381d

memory/3800-483-0x00007FFF64BC0000-0x00007FFF64BC1000-memory.dmp

memory/3800-482-0x00007FFF64540000-0x00007FFF64541000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilevfzYGx\extensions.json

MD5 21fd459a2b1bb29e20f4864eed177f1e
SHA1 73c56e0bc9c6b623cc401106ff312a627be8ad75
SHA256 b7bd1eb49cddfcdba0eb66e508539438513d7451a7af27ebe4a7e3f1ea5a4062
SHA512 7e61bd2b21a4472a50489b93bd454fe2a419030a93ede2a3c5b262ca818cf55b924ef40af2aec97f753d50b92c37d08382fbae1301e472e7a2c7e63bf3e88c8a

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 80e882ce8268212cf4db9fbe44f95336
SHA1 85abc152168a20d8db2c6501aa43a97ea72efc8c
SHA256 32c7fa19bdf922f35368bbda1fd91b30fae89f7e8615c8224901e4e3454ee937
SHA512 eb6fc2086c0c5b1e2207c675e49713961246559ade42f65f5e1d51e6139e503eacceaa57542664f7161dc320df0403d90bc85e499aa2d0f09c4a3d4236920cd5

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 cd3281a0b0f0f127e43390186bbb40e1
SHA1 43f0dacb865a72f10f0f7e3967de8e05ca85d8ad
SHA256 4e64cc3e36de4108745a478e6399f800cefdfe2aa883411a78811d8977514335
SHA512 2b57b6cc8ca6d511190605e0fdff37f498478803d5c8047d3031e3bce4450c8b7d3774453c4b9c3c9d9e191e8bb724617ebd5e6201632d63784dd0610967d27c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilevfzYGx\prefs-1.js

MD5 a4cef7f206bdea783ccbc8748376f3f0
SHA1 2de1c991c46cffb8634bcc71e43314a299e6b42a
SHA256 befb55f020bb6582ed207634e9b8e31be52f7f15470b36f0c4ff66f5fcca18bc
SHA512 83904bddf5483fb2bcd9d17a43b9e90aba81e8c554993158c4c713c998b009e4d781b7be80bd338a5b9122d3aa6c49a6e0cb4db6339e04d0125fc9984d667df3

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilevfzYGx\prefs-1.js

MD5 49c9a5a1186df2c835d87d3071d7b232
SHA1 149f83c7b113c4b3af956f84b6327caf5a74ebb4
SHA256 386315a633a6211023599eafa943aa66ee70d3850c86e36843c047ada648ef5a
SHA512 2d495a42a658e1ee8b7c56c9477f4a16aa4ab73228f047e2115a2a41d63161081687a5e57ac49883e2944ad291888c84f0451bbeffdc9e8d2e972af647812d50

memory/2856-661-0x000001D461840000-0x000001D461850000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilevfzYGx\prefs.js

MD5 9ec13486a99fa813b4c7e3e35baec2e5
SHA1 0d50efd0436a374b99577da532dcaba49c7ca5f2
SHA256 5a52fc8c389a8f9b6aa9d9a313127a8c3505425a3fd4d80b541e8d422328a76a
SHA512 fa6e33854f4b2e6af6cfccf331b168e5c563a2de4e8a015fb8344c47c0f6d7b89f455726b6ab4f4f3cb4e6258d6112c6d7115934ff2a14a0517877c1357fb092

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilefYwDaN\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilefYwDaN\prefs-1.js

MD5 6555820a5f0395e57a4ac7c2e5132553
SHA1 4ca5843f0fc4da2681ab3dcaa8bbbf1c738386f0
SHA256 5df0c4332a98ca40c724178ca16eea5719c0bea1d3f592a9aaa6bde240fa0024
SHA512 ec81c923941cf35fbb41401ddfc4d47a8029546c4e7aa4a31085762c7a8194682ea838bc4be8d790d07ceeb47e6f73711e382b5fb47be991f251217b3694aa2a

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilefYwDaN\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilefYwDaN\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilefYwDaN\startupCache\webext.sc.lz4

MD5 cca3b40d05d9303ecb19cec5367174d8
SHA1 33d68c24a2ebd53708350bd94fa64c682927f153
SHA256 bb175073876d04949f70a0a6c69129f45f68fcf27b3efc637645b8b11c4cee14
SHA512 4ec97c877d22bdabae0674036ac25c6cc4c1e2a3503290bf362469e1dd642983dc2b304887bd774b464ffa245717f20673102a5eadc8312c8caeb68327b146b5

memory/6008-947-0x000001FBB3A40000-0x000001FBB3BB0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilefYwDaN\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilefYwDaN\prefs-1.js

MD5 e1bb53475eff4c1ed8feabf493aaeeb4
SHA1 f1b4ca826431b89b9964e1e11b3ea18a7fc5d004
SHA256 a57557a2d8043259ccbc7fa7d8b312f69852b74fc95a99e1021a91bfabfab464
SHA512 b9cd9ac0e9271ec2a79e6f7b76b994afe9f77f4d1d63f8ae5b43eed7578bc55cd42978d06eac66c26792369fa3993cc5f8dd3871dc45133891cd233cda9f5f43

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilefYwDaN\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilefYwDaN\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilefYwDaN\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQv4d17\user.js

MD5 736db8c9b955f72129a6644a9c797093
SHA1 59f1c80c407e27ffe85407a82f7b7250c5ee3753
SHA256 668694ca0485bfb77e7049bad327ba3f83534f31c1d50744f227c996eab4097f
SHA512 9916d339304272357ff56976bfcb9fd2d607ccbaa33dc40b88618c9ae31833923d3f2e8288cfc1f0090da90803b5e07404c41182155db2d2345df6f63020f217

memory/3080-1172-0x000002E86A4C0000-0x000002E86A4D0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQv4d17\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQv4d17\prefs-1.js

MD5 c802a23083591fada532c989b5f7ff4d
SHA1 56622e94165e5eebf43b921572957dde8c7a4fc8
SHA256 9b359831e8233f58af9fd64d44a83306da967a750424d15222a083e1de43445a
SHA512 6e8b8e3e43fd1c8f9c9aaedd7479d290d624fc68b2ec0a48fe5a3d9fbeb6a683b4e95f0cb9d0850d26fd9347f1070d0ab30f657c0676fd19651d581adaf5a2cc

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQv4d17\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQv4d17\prefs-1.js

MD5 19060b0c18dcab3736ebd0b148dd4b8b
SHA1 69dc1ce7f21c4289e586d508b50730ebcdaada46
SHA256 ee9dd66fa7715760ba22ec64f7cf67437febf0ca5eea492d28a0fba15de380b0
SHA512 5bb101a03bccb71567b3a64b4464751e9cb77676c33844a80716848c35e839c1b55fbd0e38c80b4df2854ddeeb2abb83cc7f750fd5b21110e429a43d8257b66e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileQv4d17\sessionCheckpoints.json.tmp

MD5 29ce37dc02c78bbe2e5284d350fae004
SHA1 bab97d5908ea6592aef6b46cee1ded6f34693fa2
SHA256 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693
SHA512 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

memory/4880-1461-0x00000208CC1F0000-0x00000208CC200000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile0wOScB\datareporting\glean\db\data.safe.tmp

MD5 63b1bb87284efe954e1c3ae390e7ee44
SHA1 75b297779e1e2a8009276dd8df4507eb57e4e179
SHA256 b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a
SHA512 f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile0wOScB\prefs-1.js

MD5 bbe88f6aed5221164d6ab0602aca4810
SHA1 4cc407973d2ae4cbb02142872978d9bc21e9841f
SHA256 fc71430b726b42f4dacaadce849d95c771961a536c91b5675021f42e00a1d8b0
SHA512 e376c231ce8a8ad4b8427cf18e9e2290959e6164789ebb6fdd1da820ce697d09a896c60f5f8d60395963ff219cda5eb6d3e0e6cc275499ef8094e96e1e26f8b7

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile0wOScB\prefs-1.js

MD5 2c79fb0fa31496c5d29fab2ef3832b0e
SHA1 ae5394ec3b0e30f5f2ac7a103cecdc0458a4a433
SHA256 4136cdfc246a3d7eac2e835751196a92f2aa784efb8d610a5d13833c25fd9f3d
SHA512 42c9c63dbea61124166f46ed81f0435956b48254232e34ca1d43565b052f84e1f5c2d89273e3f8680e10155200afa91cc67538add925cde94c26d1d20b1d046a

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile0wOScB\datareporting\glean\db\data.safe.tmp

MD5 7fba44cb533472c1e260d1f28892d86b
SHA1 727dce051fc511e000053952d568f77b538107bb
SHA256 14fb5cda1708000576f35c39c15f80a0c653afaf42ed137a3d31678f94b6e8bf
SHA512 1330b0f39614a3af2a6f5e1ea558b3f5451a7af20b6f7a704784b139a0ec17a20c8d7b903424cb8020a003319a3d75794e9fe8bc0aeb39e81721b9b2fdb9e031

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile0wOScB\prefs-1.js

MD5 1ab8fb48c05e42b00f08068b01cc6ccc
SHA1 595e99ffc158d6ccbbadf7001a303ba0f2b03549
SHA256 556aedf54f5aecd8639bc4ab345759c683f23fbbf759bfd17adbbf15749daf79
SHA512 6ddaf5a98f69f7d28cba69ce748af91eebf5df21d2e74eba0a69353f209a393f37b9dcae985916cc9c5ce072faa448db0c3517a5b02cff196ad824d6c9ca8cb8

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileL9CeLv\compatibility.ini

MD5 1ce4fa9719bd74df3aaeacd7a18ef139
SHA1 b60064963821a8c2c9fe7409e54e093bc64c1ad3
SHA256 06e2b571b4f19b42ffd8549dd99daa150ea779d5a6a315a42f8d76fbc2588c57
SHA512 72a5ec6412ca615dc702c8a3714b552aef5e61891cdb499c6d557d9308e7fde66f60cdc7a1f3cff590cef6a3458b12f18139a7062c3559fbc3d130102136b32d

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileL9CeLv\WebDriverBiDiServer.json

MD5 d48006c27873a1da244f378404f405b4
SHA1 7326cce95e091a641743e107fdc487149d34df1b
SHA256 1249c3efb7a1f5a5742d5d6bfb7803f98f91a2f3d356e224c2352243bee11e2b
SHA512 f000b069e4daad375613d0300fade9693d2e894d335ef2b2af0e0e935ef23f73bb2fbaac224fa8ab1b0e36a40b201f446edf0811201093da598d1f92aaf14ef5

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileL9CeLv\datareporting\glean\db\data.safe.tmp

MD5 7d3d11283370585b060d50a12715851a
SHA1 3a05d9b7daa2d377d95e7a5f3e8e7a8f705938e3
SHA256 86bff840e1bec67b7c91f97f4d37e3a638c5fdc7b56aae210b01745f292347b9
SHA512 a185a956e7105ad5a903d5d0e780df9421cf7b84ef1f83f7e9f3ab81bf683b440f23e55df4bbd52d60e89af467b5fc949bf1faa7810c523b98c7c2361fde010e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileL9CeLv\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 2a4299adc3ab2dd7f4ff5ed0257dc84e
SHA1 6e7372a456d868b660c6b00c838279f0838e6240
SHA256 3fb66f99e8d4638dd0e7652efc84ce7ee8099fdf96e9942b592f11724b3fbfab
SHA512 2e2765c8c13376851962d320322b6596b9d12ebc004025be862b3fe0f58cdea3a65ff7d0a0de0cf9cc96c02d9115bf8e24de5f193c486c557276b1dfba1d1cc1

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileL9CeLv\prefs-1.js

MD5 57cf343fe6d29f8e7239b2d152a67480
SHA1 c78dbccbe3e9d9415659ad94949b104cdb2b617e
SHA256 fffddb1a11dfa7cede49944b09d39dfd85ebeb402ec533e001e654623d620556
SHA512 2d49cb056f57f2ab4d3151d9f9097089caea75bce4507815f442ce7e895ed3bf202d9f0d5235dbe3748125480b92cef9e21b7b063bfe228ea6486d244566a35d

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileL9CeLv\storage-sync-v2.sqlite

MD5 bff4d6361e4126d963ab7dffdc7550ce
SHA1 e2660c2f00b0aef4a81972c6a6093935d5aa40d5
SHA256 ad0828e5ff9d4188151772cd9af85827a431d122901486590c5734b62b4af2d2
SHA512 8d967c085d343d50a76cf14e88ed2fb742a7195034ddbaacd57d2c47abf0218a5f6878528a8f37c8f3b61496f61b5e254d205003af87a3cf156ba12ea59f65bc

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileL9CeLv\content-prefs.sqlite

MD5 b15425d1f21f5708184e35493e63c8a1
SHA1 e944c1fdf56a3f6a5150b77980e89d48c7b57be2
SHA256 7a9012d1846763fe9dcb059035972a023ec29f2b9c03f865f0a6f6df6ef2a6c0
SHA512 6b54e30e0a060261bdac98ef818d1053fbabf0d6b8a17efc729942729ed6e6dddb29063b079ddb1dcd1b4edfc85a0311cf821b4b3291372c834a00733456423f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileL9CeLv\prefs-1.js

MD5 0e72d7319107e004ea251a311b2a815e
SHA1 6b2c6c7c961943c3e9d6ee4b0bf41fe904777854
SHA256 b9cb585e882444eedd3f8194b3c65c50ab2768f63cc24c47f742f599d8ae8d06
SHA512 bb970b70ac14bcc07ddb7b0241a015d7342a822dce05854800a03463cb3232a8f23ddffc4382c9d492843b330ffed47d020e8599c48df33de7bf7b8fde624a94

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileLPV1kx\prefs-1.js

MD5 ab29a8bfc049045c05f1b8b978de06f3
SHA1 c0f87f13e641ea8d1348033786487e890e9e7ee7
SHA256 099d7cdf9dc7b0471f78d57246923335e9f38f5875f2d584952f84aef684ab8d
SHA512 098e1fb99ab2e6a0945447c424eac985293bce31fbedd5429501a43111fc81d4fc0f395bb529b9a3d42fac856e043eba1c0b94f83614a6307b9d73de0e8706ef

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileLPV1kx\prefs-1.js

MD5 4e20958e778beb8ea09719157a441cc6
SHA1 834958bef8f9712317f1305a53b7c2f073d6a585
SHA256 0cb91f1eaeaa0393785cf16bc68e0cb9acecec6429f98f354edff279006558b7
SHA512 19f98d5a417a0eb8684e2c95fae71ce619bc113e4be33c863424f958e9f24413fe0cadeefdbac7e7866495c48b0ded67761f20237beb9236cbc2d52a94d47794

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileLPV1kx\prefs-1.js

MD5 13faf4026f6c7f1a0f5c9bfc3469ba0a
SHA1 7edbe0c34ee5891fb5be200057550d1094b4bb9e
SHA256 3c0271c324b94ff8535a6271f51f5b5d417666c369aaaaa16997e430c4944d3b
SHA512 acc1635fe425560d686db316fe6f1c222739b12a2bf59cd261ccc4bb7a5bb641c4752e41864c71f36c4143d21ce51f13ed07383f110fa8dea6e8741ba587a130

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileLPV1kx\datareporting\glean\db\data.safe.tmp

MD5 c58234a092f9d899f0a623e28a4ab9db
SHA1 7398261b70453661c8b84df12e2bde7cbc07474b
SHA256 eaec709a98b57cd9c054a205f9bfa76c7424db2845c077822804f31e16ac134c
SHA512 ae2724fc45a8d9d26e43d86bcc7e20f398d8ab4e251e89550087ace1311c4d2571392f2f0bed78da211fcb28766779c1853b80742faa69f722b2c44c283569fd

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-09 01:55

Reported

2024-05-09 02:08

Platform

win7-20240419-en

Max time kernel

295s

Max time network

308s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\geckodriver.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\geckodriver.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1996 wrote to memory of 2004 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 1996 wrote to memory of 2004 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 1996 wrote to memory of 2004 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 2004 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 2004 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 2004 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 2004 wrote to memory of 1760 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 2004 wrote to memory of 1760 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 2004 wrote to memory of 1760 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 1356 wrote to memory of 876 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 1356 wrote to memory of 876 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 1356 wrote to memory of 876 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 2004 wrote to memory of 1684 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\geckodriver.exe
PID 2004 wrote to memory of 1684 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\geckodriver.exe
PID 2004 wrote to memory of 1684 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\geckodriver.exe
PID 1684 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe
PID 1684 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe
PID 1684 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe
PID 2948 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe
PID 2948 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe
PID 2948 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe
PID 2948 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe
PID 2948 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe
PID 2948 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe
PID 2948 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe
PID 2948 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe
PID 2948 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe
PID 2948 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe
PID 2948 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe
PID 2948 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe
PID 2992 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe
PID 2992 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe
PID 2992 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe
PID 2992 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe
PID 2992 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe
PID 2992 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe
PID 2992 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe
PID 2992 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe
PID 2992 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe
PID 2992 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe
PID 2992 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe
PID 2992 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe
PID 2992 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe
PID 2992 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe
PID 2992 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe
PID 2992 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe
PID 2992 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe
PID 2992 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe
PID 2992 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe
PID 2992 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe
PID 2992 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe
PID 2992 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe
PID 2992 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe
PID 2992 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe
PID 2992 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe
PID 2992 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe
PID 2992 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe
PID 2992 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe
PID 2992 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe
PID 2992 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe
PID 2992 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe
PID 2992 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe
PID 2992 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe
PID 2992 wrote to memory of 1968 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI19962\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI19962\geckodriver.exe --port 49472 --websocket-port 49473

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49473 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileWtsuMp

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49473 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileWtsuMp

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2992.0.1207207224\965885233" -parentBuildID 20240416150000 -prefsHandle 1216 -prefMapHandle 1208 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\browser" - {07a907d7-a08b-4dbc-92df-e8bdb1837d1e} 2992 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2992.1.253368492\621287141" -childID 1 -isForBrowser -prefsHandle 1724 -prefMapHandle 1792 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 852 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\browser" - {18c1b41d-684b-46b1-9271-359c1f6ecb07} 2992 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2992.2.1542650002\893957753" -childID 2 -isForBrowser -prefsHandle 2292 -prefMapHandle 2288 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 852 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\browser" - {095e4086-cadd-4b17-8dbd-cac84e74a5ed} 2992 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2992.3.818279577\420180616" -childID 3 -isForBrowser -prefsHandle 2400 -prefMapHandle 2388 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 852 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\browser" - {d7b1a1fa-6310-4858-9a4b-2eb1f688f9f4} 2992 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2992.4.444544341\1367847795" -childID 4 -isForBrowser -prefsHandle 2820 -prefMapHandle 2816 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 852 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\browser" - {6dec2e20-8b45-43c6-a0e4-6d8074a330df} 2992 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2992.5.386295550\906066701" -childID 5 -isForBrowser -prefsHandle 2932 -prefMapHandle 2936 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 852 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\browser" - {7442663b-4b52-4106-b2a8-84e523a0cafc} 2992 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2992.6.1436600590\1772741106" -childID 6 -isForBrowser -prefsHandle 3088 -prefMapHandle 3092 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 852 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\browser" - {5702b381-1d36-4ccc-b4e7-78fac09aa3a6} 2992 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2992.7.286770007\102270619" -childID 7 -isForBrowser -prefsHandle 2560 -prefMapHandle 2964 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 852 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\browser" - {f96783f9-1357-452d-a271-438f220959d8} 2992 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19962\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI19962\geckodriver.exe --port 49472 --websocket-port 49473

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49473 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehT0x3q

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49473 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehT0x3q

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe" -contentproc --channel="1952.0.1129580447\275238417" -parentBuildID 20240416150000 -prefsHandle 1192 -prefMapHandle 1172 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\browser" - {eb5e680b-08ac-4825-a5da-1b8d38a12d70} 1952 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe" -contentproc --channel="1952.1.1108074870\273077646" -childID 1 -isForBrowser -prefsHandle 2208 -prefMapHandle 2220 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 848 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\browser" - {44738867-399a-490c-8152-3edba684ad43} 1952 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe" -contentproc --channel="1952.2.554142018\1382186394" -childID 2 -isForBrowser -prefsHandle 2364 -prefMapHandle 2368 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 848 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\browser" - {ce0c71f6-09ce-4b79-85eb-e76d13b99d10} 1952 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe" -contentproc --channel="1952.3.1582432704\998207388" -childID 3 -isForBrowser -prefsHandle 1716 -prefMapHandle 2360 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 848 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\browser" - {2afb16fc-e940-41ce-b2c2-65c15aff909b} 1952 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe" -contentproc --channel="1952.4.874172161\18980276" -childID 4 -isForBrowser -prefsHandle 2772 -prefMapHandle 2776 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 848 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\browser" - {5514cc2a-e245-4a06-926f-31a930563c84} 1952 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe" -contentproc --channel="1952.5.1521672989\1328448091" -childID 5 -isForBrowser -prefsHandle 2892 -prefMapHandle 2896 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 848 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\browser" - {cd8348e2-f03c-4e25-999f-1a060a890006} 1952 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe" -contentproc --channel="1952.6.1956408691\1054754833" -childID 6 -isForBrowser -prefsHandle 2988 -prefMapHandle 2992 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 848 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\browser" - {11bd4dff-af60-491e-bd48-848ce7cbdfe2} 1952 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe" -contentproc --channel="1952.7.969436894\809666199" -childID 7 -isForBrowser -prefsHandle 3396 -prefMapHandle 3268 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 848 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\browser" - {bff9ad7e-9781-4589-94d8-ade1ca2679a1} 1952 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19962\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI19962\geckodriver.exe --port 49472 --websocket-port 49473

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49473 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileUhJoDk

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49473 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileUhJoDk

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2980.0.1718215474\354863794" -parentBuildID 20240416150000 -prefsHandle 1220 -prefMapHandle 1212 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\browser" - {113a9398-b3b5-4ea0-874f-8ec77c906331} 2980 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2980.1.1711262229\1159728956" -childID 1 -isForBrowser -prefsHandle 1776 -prefMapHandle 2132 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 872 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\browser" - {3a9d0836-a7b1-4683-845f-9824af8be606} 2980 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2980.2.994680294\774104951" -childID 2 -isForBrowser -prefsHandle 2232 -prefMapHandle 1896 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 872 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\browser" - {de329309-c5df-480e-babb-971251e4a644} 2980 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2980.3.1045035970\313140431" -childID 3 -isForBrowser -prefsHandle 2384 -prefMapHandle 1956 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 872 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\browser" - {7960c84d-39ae-4460-92c6-7ce5f7463f15} 2980 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2980.4.289234089\1074791993" -childID 4 -isForBrowser -prefsHandle 904 -prefMapHandle 1072 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 872 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\browser" - {09b3fedb-8c7c-45a3-a675-320ed1152316} 2980 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2980.5.2065216061\930857088" -childID 5 -isForBrowser -prefsHandle 2920 -prefMapHandle 2924 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 872 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\browser" - {de1ad81b-7347-4734-a7fd-b271b023ce21} 2980 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2980.6.893497707\1310152731" -childID 6 -isForBrowser -prefsHandle 3008 -prefMapHandle 3012 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 872 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\browser" - {5a037c84-f377-4f16-a31c-7938934608ba} 2980 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2980.7.1733812194\1883887327" -childID 7 -isForBrowser -prefsHandle 3536 -prefMapHandle 3532 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 872 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\browser" - {964e440a-de6e-439f-81d9-8b42f7f347a6} 2980 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19962\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI19962\geckodriver.exe --port 49472 --websocket-port 49473

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49473 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilePCV348

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49473 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilePCV348

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2848.0.123591298\2001883343" -parentBuildID 20240416150000 -prefsHandle 1252 -prefMapHandle 1244 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\browser" - {c7c65cd4-e517-4f17-b484-63dd4be494d8} 2848 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2848.1.604580211\1475422142" -childID 1 -isForBrowser -prefsHandle 1580 -prefMapHandle 1576 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 800 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\browser" - {15a92865-6d53-4fcc-8337-f8ddf6360a63} 2848 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2848.2.1367162453\1557761456" -childID 2 -isForBrowser -prefsHandle 2348 -prefMapHandle 2344 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 800 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\browser" - {20c6d537-6e0f-439e-a2ee-10e688f17c63} 2848 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2848.3.860144858\1739868850" -childID 3 -isForBrowser -prefsHandle 2508 -prefMapHandle 2600 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 800 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\browser" - {375d6bf4-0a7d-43a8-b926-63f14ee209cd} 2848 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2848.4.562685432\1938125621" -childID 4 -isForBrowser -prefsHandle 2756 -prefMapHandle 2752 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 800 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\browser" - {e73448a6-0271-4b1a-9117-5acca1a3ec3d} 2848 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2848.5.1046288759\1529591584" -childID 5 -isForBrowser -prefsHandle 2884 -prefMapHandle 2888 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 800 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\browser" - {87edba4e-c274-4a8c-bde2-78cbd899ec26} 2848 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2848.6.441767105\1625325601" -childID 6 -isForBrowser -prefsHandle 3040 -prefMapHandle 3044 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 800 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\browser" - {96327bb7-7629-4312-9f34-78584c92c6bb} 2848 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2848.7.537445957\1038113358" -childID 7 -isForBrowser -prefsHandle 3428 -prefMapHandle 3424 -prefsLen 25412 -prefMapSize 245849 -jsInitHandle 800 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\browser" - {0345a217-3a3a-4543-a407-970b728ec96b} 2848 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\firefox.exe" -contentproc --channel="2848.8.1729995292\1809556197" -childID 8 -isForBrowser -prefsHandle 1152 -prefMapHandle 3540 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 800 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\browser" - {dd1016a7-c0e3-4890-80d3-dcf953897cb0} 2848 tab

Network

Country Destination Domain Proto
PL 45.141.215.62:9100 tcp
N/A 127.0.0.1:49517 tcp
N/A 127.0.0.1:49521 tcp
DE 148.251.236.209:8443 tcp
N/A 127.0.0.1:49472 tcp
N/A 127.0.0.1:49472 tcp
N/A 127.0.0.1:49670 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:49705 tcp
DE 185.177.229.20:465 tcp
GB 81.0.218.34:443 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
DE 185.177.229.20:465 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
DE 185.177.229.20:465 tcp
GB 81.0.218.34:443 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:49472 tcp
N/A 127.0.0.1:49472 tcp
N/A 127.0.0.1:49472 tcp
N/A 127.0.0.1:50230 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50265 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:49472 tcp
N/A 127.0.0.1:49472 tcp
N/A 127.0.0.1:49472 tcp
N/A 127.0.0.1:50731 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50766 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:49472 tcp
N/A 127.0.0.1:49472 tcp
N/A 127.0.0.1:49472 tcp
N/A 127.0.0.1:51262 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:51297 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI19962\python38.dll

MD5 26ba25d468a778d37f1a24f4514d9814
SHA1 b64fe169690557656ede3ae50d3c5a197fea6013
SHA256 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128
SHA512 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

C:\Users\Admin\AppData\Local\Temp\_MEI19962\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\_MEI19962\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

C:\Users\Admin\AppData\Local\Temp\_MEI19962\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

C:\Users\Admin\AppData\Local\Temp\_MEI19962\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Local\Temp\_MEI19962\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

C:\Users\Admin\AppData\Local\Temp\_MEI19962\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

C:\Users\Admin\AppData\Local\Temp\_MEI19962\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

C:\Users\Admin\AppData\Local\Temp\_MEI19962\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI19962\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

C:\Users\Admin\AppData\Local\Temp\_MEI19962\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI19962\geckodriver.exe

MD5 f60c542253cbe94f762e15c7b064b55d
SHA1 7a32f034217266db6d799893edc976e891a82944
SHA256 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa
SHA512 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca

C:\Users\Admin\AppData\Local\Temp\_MEI19962\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI19962\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI19962\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

C:\Users\Admin\AppData\Local\Temp\_MEI19962\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

C:\Users\Admin\AppData\Local\Temp\_MEI19962\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

\Users\Admin\AppData\Local\Temp\_MEI19962\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

C:\Users\Admin\AppData\Local\Temp\_MEI19962\top-1m.csv

MD5 ba0857be5e9736dde1f5cc44edd5d21b
SHA1 b130759907909cc97bfe0d9a1fd65b8942c931aa
SHA256 7800cdef850c31931b2b520a42f858c4feb5ca86d6b3789e6173a02e909595ca
SHA512 08446902bc588e323b8fc551502ff869be6c2bb64f788d1bebfcc30a04c3e589b0616e84fc55de3d81d7b19b26e690024a442e6a27096808bc613bcecf3f6db4

C:\Users\Admin\AppData\Local\Temp\_MEI19962\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

C:\Users\Admin\AppData\Local\Temp\_MEI19962\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI19962\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 47539d0337e97e22a728afc2638d461f
SHA1 d97b37079543b33b9b605c787945f809aed66fd6
SHA256 262e52c5bbaa9bcd2dfcb4cf7da83a1efa95ebd0299f82031ad31a6ab19405a5
SHA512 3810ebe80173d41785a42459fc5c4a8a31e56294f2c03fe99416925a34d242b88023565057201c9b6dcbdb97c8396d8305a723c0e31bb5b560b031b299672d4a

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI19962\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileWtsuMp\extensions.json

MD5 bf0ba0afd18b9d39720d64e42e6faaed
SHA1 f7b764402260fe5d2a14f33690f894d741f20570
SHA256 eb2887b0bf1b10e462b6d57223c9ebea8bc7ba991d7783c4f1a2a420ca66b566
SHA512 c9186d3dd7d8c78c13951192c351a3178f91fd4e54255d1f24bd2f15d049886b2afc28ba3e64aebbf46952d0d85dd770272062f98b1d351fd3d38d146b7622a3

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 80e882ce8268212cf4db9fbe44f95336
SHA1 85abc152168a20d8db2c6501aa43a97ea72efc8c
SHA256 32c7fa19bdf922f35368bbda1fd91b30fae89f7e8615c8224901e4e3454ee937
SHA512 eb6fc2086c0c5b1e2207c675e49713961246559ade42f65f5e1d51e6139e503eacceaa57542664f7161dc320df0403d90bc85e499aa2d0f09c4a3d4236920cd5

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileWtsuMp\prefs.js

MD5 b8642c7eeead9c48d83c0e43b28427d4
SHA1 1cb85da0dffe511b548d88d84185ba9d827e38bf
SHA256 974d472129f87d19fbf69c4e875293aaa0348e7138be543e522cb58b39998351
SHA512 459bc60a568a7180de69533118da2d0b783b289c5ad96c93d6afecd707709982196c44ca1144b1c1460ddd7dd76cc95ddf3311cfcede06a71ac552f2d80f9733

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileWtsuMp\prefs.js

MD5 99d3f02055dbdac6f671d221eeae65af
SHA1 692ff8eb9b8b8e57999e63b50102d382391fb742
SHA256 8a34b2b7725e533c9f6c80e1a4585408bd0b4224f1750ebe22468d2978b6123a
SHA512 1fc88b06a1a71a17f1215180fa640b794a79cc61e162bf942f97d06368e49f12945d4b00044b5fcaac5057278e06648a303d922516b711b0312bb767c499c4bb

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 f728071de36f5f7587eee402f6a5e926
SHA1 c5b59cb27cb41a36c9257e47a3f5cf139605f56e
SHA256 3e30e8dbb5e1a46cd4b0dbdb60566cd3a00081dfbbb51840de3b629dda081cdc
SHA512 4c7ae7e28a0576eb6e50529856e3b85ccebc484301a9dffad3cbfff1f8cf876ba1ee1fd878bed2a36481dfee071db91e40dd45d9fd1a21489bc66f40fe87c6a4

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileWtsuMp\prefs-1.js

MD5 5a7385c1ec81dd4f959c6602a3a74834
SHA1 8f357393de45c39783d6018a914faa04ba0d3f94
SHA256 c1c7a29e9499243c139413abb770cbbbc046b6f1f5fdfada445a7b266bcb81b5
SHA512 70f03b5fc43aca9bb470595df1d2f7dbbb60d9310f0e7832c10d3a4091df5b6e4c1b8644852327736e4a9a10be92710f3fd8c49590665eaea8e610b7107e4352

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehT0x3q\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehT0x3q\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehT0x3q\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehT0x3q\startupCache\webext.sc.lz4

MD5 77de2fb427a85bdc3ba98668b1d3f68c
SHA1 dcb194d90a40fc3ff632d7e8e79131b2f6586520
SHA256 01dc42ba2ea4d68f05b5d71c1d24355ecb49ce4a0dda51e12f178b42cb5529b7
SHA512 0bcf49c5e592f6309dbe74c8245648fa658e1cf77348cd36bb93963c21a85aed1c7ea0669d50b3e2be1c1e27d183e05c8589bce8e1feb582e6e749dddaa5786f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehT0x3q\prefs-1.js

MD5 3f74c104916ca6921b99f585bfb73093
SHA1 e38afc22a3e071b959af1c59c4d0fce54062a14b
SHA256 f1e521412ffb7d767d35eb7f2475c101091625ef4ed5b7a20b8d2c417bd36b9e
SHA512 375dbb8cec85acf693725ddac6f57a63ffd37be8071b2cf274c26284b281101669e835604c959be82f042a62f0e850d9caa4d188e595809e2af6e425254111a5

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehT0x3q\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehT0x3q\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehT0x3q\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehT0x3q\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehT0x3q\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilehT0x3q\datareporting\glean\db\data.safe.tmp

MD5 63b1bb87284efe954e1c3ae390e7ee44
SHA1 75b297779e1e2a8009276dd8df4507eb57e4e179
SHA256 b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a
SHA512 f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileUhJoDk\user.js

MD5 736db8c9b955f72129a6644a9c797093
SHA1 59f1c80c407e27ffe85407a82f7b7250c5ee3753
SHA256 668694ca0485bfb77e7049bad327ba3f83534f31c1d50744f227c996eab4097f
SHA512 9916d339304272357ff56976bfcb9fd2d607ccbaa33dc40b88618c9ae31833923d3f2e8288cfc1f0090da90803b5e07404c41182155db2d2345df6f63020f217

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileUhJoDk\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileUhJoDk\prefs-1.js

MD5 c293ea400eaecd2ceebd5dc4b0f02ecd
SHA1 47440be792d2b693baea3e2a5a724a61fa6a8516
SHA256 ba361d5f63f0abdf6a38f3331e5900e49e7613c886829d87e097cc36d2609fe3
SHA512 e0d2246d177e436d36e82f0a4aa1e86f1e515b3d4626a27fa95630f780ff3f5285e8c11f5bd4f505abb945004361d7e93bb3a6838aa0d7442c370f48ee3c7526

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileUhJoDk\prefs-1.js

MD5 094e58a499b797f0a79a59f022bb5f13
SHA1 566ead538407c5b3b3dcea5535433eeeb6492e83
SHA256 4fe8e905552fc6ae306d600ac30d04cb4de819ea985b647383e65af91b25ca7c
SHA512 1d773b5979cbaa0da5e9abe710c59d9303d43bbf0911a86ec72cfb7361337a854c28b6e795c932cb070a96d835a4fc21ebafbb31df4800650cda811303f32c1d

memory/2848-2122-0x000000000A620000-0x000000000A630000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilePCV348\prefs-1.js

MD5 7aaa6f6e75b35049021e351c0b34c0b7
SHA1 797c105cd6f05f4df8bf4c7cc46aa3e0efff1aa3
SHA256 3c7db32a66494157f71a9bb4e0f913a903d238c0ecd5d175542289a5a2132d6f
SHA512 60cd57be6b295d2889d442c4d815ceda9f38f777cffaedd7523834e65a5c056e81422c96e1eb95203f9f1614a445b20dd92970515c87e935f3e2774176eff470

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilePCV348\prefs.js

MD5 16ba4ad159e426a7f90b45721195d57d
SHA1 bfecc9d76d5af72a17627fca234d8ca3c3ebc045
SHA256 ae330c90c85840705fbecc021cfe0cf840b17b902c60ff79fb7279fca40aebf2
SHA512 bf2dc38b89e645d9cb76b1148d72f7a5b5c8fece0cf068e9e2484eaa25f077f6c4248f1d7bbb6db4c71c7aceb90b67b0d6d59ad0b1b703980b36e475d0c945d1

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-09 01:55

Reported

2024-05-09 02:08

Platform

win10-20240404-en

Max time kernel

297s

Max time network

308s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A

Unexpected DNS network traffic destination

Description Indicator Process Target
Destination IP 87.236.195.203 N/A N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4388 wrote to memory of 1988 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 4388 wrote to memory of 1988 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 1988 wrote to memory of 1504 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 1988 wrote to memory of 1504 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 1988 wrote to memory of 1268 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 1988 wrote to memory of 1268 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 1504 wrote to memory of 2796 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 1504 wrote to memory of 2796 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 1988 wrote to memory of 216 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\geckodriver.exe
PID 1988 wrote to memory of 216 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\geckodriver.exe
PID 216 wrote to memory of 3392 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe
PID 216 wrote to memory of 3392 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe
PID 3392 wrote to memory of 4528 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe
PID 3392 wrote to memory of 4528 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe
PID 3392 wrote to memory of 4528 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe
PID 3392 wrote to memory of 4528 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe
PID 3392 wrote to memory of 4528 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe
PID 3392 wrote to memory of 4528 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe
PID 3392 wrote to memory of 4528 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe
PID 3392 wrote to memory of 4528 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe
PID 3392 wrote to memory of 4528 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe
PID 3392 wrote to memory of 4528 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe
PID 3392 wrote to memory of 4528 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe
PID 4528 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe
PID 4528 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe
PID 4528 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe
PID 4528 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe
PID 4528 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe
PID 4528 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe
PID 4528 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe
PID 4528 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe
PID 4528 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe
PID 4528 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe
PID 4528 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe
PID 4528 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe
PID 4528 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe
PID 4528 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe
PID 4528 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe
PID 4528 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe
PID 4528 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe
PID 4528 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe
PID 4528 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe
PID 4528 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe
PID 4528 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe
PID 4528 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe
PID 4528 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe
PID 4528 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe
PID 4528 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe
PID 4528 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe
PID 4528 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe
PID 4528 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe
PID 4528 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe
PID 4528 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe
PID 4528 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe
PID 4528 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe
PID 4528 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe
PID 4528 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe
PID 4528 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe
PID 4528 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe
PID 4528 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe
PID 4528 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe
PID 4528 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe
PID 4528 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe
PID 4528 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI43882\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI43882\geckodriver.exe --port 50035 --websocket-port 50036

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50036 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSFR4bO

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50036 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSFR4bO

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe" -contentproc --channel="4528.0.1177580625\1051056561" -parentBuildID 20240416150000 -prefsHandle 1564 -prefMapHandle 1552 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\browser" - {6a853b76-206c-4f2c-89f2-fe1d68f807e3} 4528 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe" -contentproc --channel="4528.1.61629242\108158916" -childID 1 -isForBrowser -prefsHandle 2788 -prefMapHandle 2592 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1112 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\browser" - {73209084-7d1c-4587-93cd-66bd088a893c} 4528 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe" -contentproc --channel="4528.2.865347790\830971246" -childID 2 -isForBrowser -prefsHandle 3004 -prefMapHandle 3000 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1112 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\browser" - {e4fc563e-ba6a-4bc2-86fa-7510d922e5e6} 4528 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe" -contentproc --channel="4528.3.1564195300\1483088712" -childID 3 -isForBrowser -prefsHandle 3384 -prefMapHandle 3380 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1112 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\browser" - {39955db1-5017-4b47-8b47-ee0854c037f0} 4528 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe" -contentproc --channel="4528.4.582090799\11580441" -childID 4 -isForBrowser -prefsHandle 3256 -prefMapHandle 3512 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1112 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\browser" - {3418d364-1720-4783-ab8e-e5d5e044f6d1} 4528 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe" -contentproc --channel="4528.5.1816808036\2094268" -childID 5 -isForBrowser -prefsHandle 3748 -prefMapHandle 3752 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1112 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\browser" - {745b9669-67f9-4eed-938c-7822cf32fea0} 4528 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe" -contentproc --channel="4528.6.744225073\1653214121" -childID 6 -isForBrowser -prefsHandle 3740 -prefMapHandle 3744 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 1112 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\browser" - {78a4731d-36ed-4e85-8806-715dcf4f4856} 4528 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe" -contentproc --channel="4528.7.448810480\1643711390" -childID 7 -isForBrowser -prefsHandle 4172 -prefMapHandle 3504 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 1112 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\browser" - {6f906373-fd8d-43b2-a704-e2fba741b4b4} 4528 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43882\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI43882\geckodriver.exe --port 50035 --websocket-port 50036

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50036 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJ9B5y2

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50036 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJ9B5y2

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe" -contentproc --channel="4228.0.1983150881\887266083" -parentBuildID 20240416150000 -prefsHandle 1488 -prefMapHandle 1464 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\browser" - {fd83aa97-7435-4ad8-a057-6e013d525af1} 4228 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe" -contentproc --channel="4228.1.1544862697\1621405862" -childID 1 -isForBrowser -prefsHandle 2588 -prefMapHandle 2504 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\browser" - {50791f74-a8b1-4996-88b9-379cf4586b8b} 4228 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe" -contentproc --channel="4228.2.1235878274\1058618661" -childID 2 -isForBrowser -prefsHandle 2940 -prefMapHandle 2936 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\browser" - {04760d69-c95a-40cd-94a9-4c007a83905b} 4228 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe" -contentproc --channel="4228.3.294803500\119119733" -childID 3 -isForBrowser -prefsHandle 3348 -prefMapHandle 2980 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\browser" - {002ec266-a20e-445e-b4f8-5c4423c38be5} 4228 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe" -contentproc --channel="4228.4.167166459\2132528584" -childID 4 -isForBrowser -prefsHandle 3636 -prefMapHandle 1364 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\browser" - {eef17f15-20b3-49d7-abb4-4f519ba45348} 4228 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe" -contentproc --channel="4228.5.1539479484\825362941" -childID 5 -isForBrowser -prefsHandle 3784 -prefMapHandle 3788 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\browser" - {2830d638-1e5e-47df-8a71-7c9a87290053} 4228 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe" -contentproc --channel="4228.6.1604023580\1663292141" -childID 6 -isForBrowser -prefsHandle 3680 -prefMapHandle 2604 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\browser" - {5967ded9-e60d-4066-85d9-681ef8a6a197} 4228 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe" -contentproc --channel="4228.7.86832779\2032854663" -childID 7 -isForBrowser -prefsHandle 4336 -prefMapHandle 4340 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\browser" - {97473673-9597-4d79-834a-719b833878b7} 4228 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe" -contentproc --channel="4228.8.2096681139\1650832587" -childID 8 -isForBrowser -prefsHandle 8384 -prefMapHandle 3536 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\browser" - {86c91fae-eb13-4c6c-aa40-4a4c6e3e8ab2} 4228 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe" -contentproc --channel="4228.9.732116703\149755740" -parentBuildID 20240416150000 -prefsHandle 2196 -prefMapHandle 2192 -prefsLen 27720 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\browser" - {1602f122-72cf-41e5-b21f-b94985f7ea8f} 4228 rdd

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe" -contentproc --channel="4228.10.1889873252\275137027" -parentBuildID 20240416150000 -sandboxingKind 1 -prefsHandle 3068 -prefMapHandle 2912 -prefsLen 27720 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\browser" - {0a85eb20-056d-4f74-b28c-f1f1d8897a9c} 4228 utility

C:\Users\Admin\AppData\Local\Temp\_MEI43882\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI43882\geckodriver.exe --port 50035 --websocket-port 50036

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50036 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilet4MW73

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50036 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilet4MW73

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe" -contentproc --channel="3160.0.971890840\1259964313" -parentBuildID 20240416150000 -prefsHandle 1492 -prefMapHandle 1480 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\browser" - {eadefe79-ebd5-4008-9fbb-9b183b8911d6} 3160 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe" -contentproc --channel="3160.1.853458310\1405351064" -childID 1 -isForBrowser -prefsHandle 2800 -prefMapHandle 2796 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1172 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\browser" - {b47cb99a-658b-4d79-b5a4-863d561b0558} 3160 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe" -contentproc --channel="3160.2.146112559\1729687134" -childID 2 -isForBrowser -prefsHandle 2944 -prefMapHandle 2932 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1172 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\browser" - {44cb123b-2d58-4a96-97ba-69fa8994fb51} 3160 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe" -contentproc --channel="3160.3.457990684\605016258" -childID 3 -isForBrowser -prefsHandle 3444 -prefMapHandle 3448 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1172 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\browser" - {746527a6-f5a0-4ed8-92bb-5fe00325471a} 3160 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe" -contentproc --channel="3160.4.1900214715\1328714841" -childID 4 -isForBrowser -prefsHandle 3636 -prefMapHandle 3632 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1172 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\browser" - {bab8ebe4-84e4-4357-8401-419c78932a6e} 3160 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe" -contentproc --channel="3160.5.1345117066\1337047225" -childID 5 -isForBrowser -prefsHandle 3864 -prefMapHandle 3860 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1172 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\browser" - {71036bd0-e2ff-4c01-94e9-a464e7667cc3} 3160 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe" -contentproc --channel="3160.6.1655889636\1862079602" -childID 6 -isForBrowser -prefsHandle 3780 -prefMapHandle 3784 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1172 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\browser" - {5bb7f776-c869-4939-a2ed-44d462be905e} 3160 tab

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe" -contentproc --channel="3160.7.451040947\2127195348" -childID 7 -isForBrowser -prefsHandle 4244 -prefMapHandle 4144 -prefsLen 25412 -prefMapSize 245849 -jsInitHandle 1172 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\browser" - {3a0601ba-c0c0-446d-bd33-270a3c2c2d03} 3160 tab

Network

Country Destination Domain Proto
US 199.249.230.82:443 tcp
CH 144.2.112.79:9001 tcp
US 8.8.8.8:53 79.112.2.144.in-addr.arpa udp
DE 84.247.164.65:9003 tcp
CZ 87.236.195.203:53 tcp
US 8.8.8.8:53 65.164.247.84.in-addr.arpa udp
US 8.8.8.8:53 203.195.236.87.in-addr.arpa udp
N/A 127.0.0.1:50130 tcp
N/A 127.0.0.1:50133 tcp
N/A 127.0.0.1:50035 tcp
N/A 127.0.0.1:50035 tcp
N/A 127.0.0.1:50234 tcp
N/A 127.0.0.1:50242 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:50035 tcp
N/A 127.0.0.1:50035 tcp
N/A 127.0.0.1:50035 tcp
N/A 127.0.0.1:50602 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:50610 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
US 8.8.8.8:53 253.15.104.51.in-addr.arpa udp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:50035 tcp
N/A 127.0.0.1:50035 tcp
N/A 127.0.0.1:50035 tcp
N/A 127.0.0.1:51000 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:51008 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
US 8.8.8.8:53 98.56.20.217.in-addr.arpa udp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI43882\python38.dll

MD5 26ba25d468a778d37f1a24f4514d9814
SHA1 b64fe169690557656ede3ae50d3c5a197fea6013
SHA256 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128
SHA512 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

\Users\Admin\AppData\Local\Temp\_MEI43882\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\_MEI43882\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

\Users\Admin\AppData\Local\Temp\_MEI43882\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

C:\Users\Admin\AppData\Local\Temp\_MEI43882\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

\Users\Admin\AppData\Local\Temp\_MEI43882\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

C:\Users\Admin\AppData\Local\Temp\_MEI43882\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

C:\Users\Admin\AppData\Local\Temp\_MEI43882\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

C:\Users\Admin\AppData\Local\Temp\_MEI43882\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

C:\Users\Admin\AppData\Local\Temp\_MEI43882\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

C:\Users\Admin\AppData\Local\Temp\_MEI43882\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

C:\Users\Admin\AppData\Local\Temp\_MEI43882\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI43882\top-1m.csv

MD5 9e318967e45c649eeb86ef21e8781e3c
SHA1 eb98f21ebb50de00e58234cd78e04114452d6fff
SHA256 8730f2a269fde5d383215e99648b9b22abae4a1183c7a4ee77b122548f3163dc
SHA512 1b129e7c6eebfcb5100bcff146af41cc6f52832b0ee917453a12c6fc42267b179b7105e2217eecc930c897141ab575dd2db6da9b795ee29f4592126668343383

C:\Users\Admin\AppData\Local\Temp\_MEI43882\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

C:\Users\Admin\AppData\Local\Temp\_MEI43882\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI43882\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI43882\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI43882\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI43882\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

C:\Users\Admin\AppData\Local\Temp\_MEI43882\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

C:\Users\Admin\AppData\Local\Temp\_MEI43882\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI43882\geckodriver.exe

MD5 f60c542253cbe94f762e15c7b064b55d
SHA1 7a32f034217266db6d799893edc976e891a82944
SHA256 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa
SHA512 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 47539d0337e97e22a728afc2638d461f
SHA1 d97b37079543b33b9b605c787945f809aed66fd6
SHA256 262e52c5bbaa9bcd2dfcb4cf7da83a1efa95ebd0299f82031ad31a6ab19405a5
SHA512 3810ebe80173d41785a42459fc5c4a8a31e56294f2c03fe99416925a34d242b88023565057201c9b6dcbdb97c8396d8305a723c0e31bb5b560b031b299672d4a

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 3f8006361a36d8f0c286b24eeb92c7bd
SHA1 d90b9ae3eacc3e43e83b9ae2adf27158ae1ef1bd
SHA256 fdb17304b17904e7316b050333687bd5cd5c38503927979d73e44072a09ef329
SHA512 2dafe8ef34f8658057673d0b2075e1aad9e964b6c15c4eaa0dadac6b223a7d3ebe0918cf0d4d4cb75da27b2ebc53bc441520058bc275e759326ff57eac46462a

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\tmpx8d9hem6\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI43882\Tor Browser\Browser\firefox.exe

MD5 65aa9b0f57d72e4d70e9226322221adc
SHA1 85fec174d0977afd8c0100c9d9b53c958e1949bf
SHA256 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410
SHA512 f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 80e882ce8268212cf4db9fbe44f95336
SHA1 85abc152168a20d8db2c6501aa43a97ea72efc8c
SHA256 32c7fa19bdf922f35368bbda1fd91b30fae89f7e8615c8224901e4e3454ee937
SHA512 eb6fc2086c0c5b1e2207c675e49713961246559ade42f65f5e1d51e6139e503eacceaa57542664f7161dc320df0403d90bc85e499aa2d0f09c4a3d4236920cd5

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSFR4bO\prefs.js

MD5 9de65eebf89de912c2b175c623c1652d
SHA1 557c88eb11003cd5ab3c1594d639c154d350aa89
SHA256 929fe1db0dc90c9a864e3ca99b36e900fe60048e762e558294738201fb94cf95
SHA512 a4b223723a882f88c2ccc8b0fc9ba20910e35e1a1885de65fae479a468760d1add99fbaba997f60bf2b4d22eb9b7ee7c5a90a59b50a40bcf625d2ad8e839e8da

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSFR4bO\extensions.json

MD5 edf85466c7252cd6354013a282cbe17a
SHA1 3e3466c19cfd3ffa366bd7f9b3eabde71c10e9f4
SHA256 c8a7bb9822423f85178949130abaa21876713daaad87ecb9254547030820bb1c
SHA512 d91ce691e921f4a30427f56b8e8a749edffb7cdbcb59970e4bb3478ee05a41a37927dba6994247b59317eed47f76c51c493e26f5a37b809f392e1c9bbee73774

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 6d1bbcf9278c3e7d270f1dc2f2f8e609
SHA1 2d01f0867c37e6080bdd399d8baa98ace3902772
SHA256 7df3c3c23290765b6fa98810f753cb0d3b5018593dd7e16503744339b5e0eecc
SHA512 a2c2ac49768b57cc3ec2734f95e2603464a0b8801dbf2a49493b2959affd9e3bfa8a41ede316faa929fdda8629d730a00fef8077d09bcdf5db528aa6650e287b

memory/4528-598-0x000001FAD7EE0000-0x000001FAD8050000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSFR4bO\prefs.js

MD5 f6f619aba92bbe1ef99f9729b9e9adcf
SHA1 9304ce3623b956764d323dfe2fb1519bc00892d9
SHA256 3da2be317f5796ea1b8a63f68fdc08a7b76897f62138c2bfcd8dbc8490843100
SHA512 00b3a624b5223ae81371369f47f98b60f35d9a2a1b54af15e33cac420d55cce238b9e00e88a10ef39286e6e90aa28474282867d75a6709b426af7e166fbbc8e0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSFR4bO\prefs-1.js

MD5 514f24d331f82e9adae65ce72c78c30e
SHA1 d6099e780115868a12e5240316fdcd789362040a
SHA256 edc54b6667c06ddad9c40fdb04fafb967f716b56f595102c9d6b48c1d960e941
SHA512 d611579d9215f2f245f200b10d47ad2ee2c6e781e9c2a4dc6997dd26f9101bb7247de008fe124d35880738146b122a31df79308990a86e98823847e1d695731e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSFR4bO\prefs.js

MD5 8322d540057df4424da7a681518f8340
SHA1 41e449dae2784e5e38f5ba102e7945923b70554f
SHA256 14dc16069b263f33543461fd10553f29966bd9a737a861a8c59ac2435cb12834
SHA512 af725263c9079c7bab5cd091d2fea13c592b0a57f88514f43d16eef6c93a4f0b78a21f63274a0ffdbe95ec725e8e690d2df002f75e7be94fe8158cba6a6470d7

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSFR4bO\prefs.js

MD5 456c4e6982f3730a0f1aa312ddc304f5
SHA1 fceaa1975b42971ffe607f914174dcded440d9ca
SHA256 24921fcff2c228c110bda88718ec0eb4b3f045a366d7499342da8bce37d6fca7
SHA512 87bdb794c5dcf6457f550bacd6a2c790635204568a14a4821c77c21656375aed630fec6296056ddc503f3ed7ffaac948b8f797d094e60339cac4275dfc68a5eb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJ9B5y2\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJ9B5y2\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

memory/4228-873-0x0000016488160000-0x0000016488170000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJ9B5y2\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJ9B5y2\startupCache\webext.sc.lz4

MD5 2f04fec4eabc1d3629441b3f926bbcc5
SHA1 3d15f2382640a16ae3e008573c75b8b91867d204
SHA256 8921fc335b21390f4e12f539e9dd511e0daf303d1aa629b0a22c55ff3b9c57d7
SHA512 aee483ac4ea66776d2bc20d7e4b5dafec2f31a30fc1612e39f502d4c409c2767b45f713c7d063ed736741ed39e5136349940029719d50b13315ab22d43c8bd1f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJ9B5y2\prefs-1.js

MD5 fb2a755c703582b1994e77027e170b56
SHA1 671e2600aa004112678da80bc8991c86bdf1adbe
SHA256 ad1c80ebb1481f7c29791cc54b9376735cc8ed2070d3a8ce2a7a048bc2bafa64
SHA512 8693b0cbae97e8f8cdc9fb84d0bf8e45f4622eaf7cbeff886ba3fddca1bc43e914bd0c3d3d46b8bb53f26b0d31a6f6033493d14a0b049823cdb1b98cad72e6ff

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJ9B5y2\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJ9B5y2\prefs-1.js

MD5 b52cb68f51a923f66825c2d9e2cef47f
SHA1 ae02d60e0142ac7cd896ed1cff31c0c1fa227bb9
SHA256 7d9c80df988b998d77b203f405621cf705eeb45ae732f92333d2cd25fd6b1a67
SHA512 9f0751cc2e3a9dd209cde1abebd4c2544f67ea0f1ba0076c4195c476909411e76e904bed9cf2302542515b9492f69c1e70a8983d91aca5b983d116272079387b

memory/4228-958-0x0000016486B20000-0x0000016486B30000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJ9B5y2\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJ9B5y2\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJ9B5y2\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJ9B5y2\prefs.js

MD5 80f03790ba7b7e1648ac9a1074a15d41
SHA1 e11c254d83b8d7406ed4823beacb0fb107792d9e
SHA256 86dfc6d3ad4fd49631b52b631773ba343761955337767132dc2e044dbb176d6b
SHA512 8f5a4d8dfcdc5ab1d1495cbc18de90fe118b63101cffec5a3650dda8da95a1453ad6b6a1a15e2f975f78f18b38c9c922aac1ae49d569a0a51c48ec9d1216f287

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJ9B5y2\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileJ9B5y2\prefs-1.js

MD5 8ae790b22a2e65aed8838a28a308d79d
SHA1 38a0d066886928f507ce6fa4e1638c63450c2c27
SHA256 ba10c57635f69ee98344600f58dae64fbf883b82574d7cb2a336bb3736b6eb8d
SHA512 9358346c339209fb47974f8243e3b3f259353a8584360eda16b902ae47e16f460049dc39588d5a7bbb61c8d1a5b4f506267d402de8b1b925694433fc6727441f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilet4MW73\user.js

MD5 5612fb2038d19b74bddb967fe86113f6
SHA1 a8e8d180e06dae94c0cf613ac78c6b493d8ef727
SHA256 a41fc5af6a10c91e156c8e77b0b6723464e4f6cf3c007c7eb10cd108fc200fd5
SHA512 a48701a16ba4018c6e15a8e5931edb0c460a026589c8bcbf500c61bb743aa8ca44f429d52e5f4935e6bf1ef31b60dd40c07da60aa2d1e54353834b904d55aa50

memory/3160-1176-0x0000025012A50000-0x0000025012A60000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilet4MW73\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilet4MW73\prefs-1.js

MD5 f97ad24422daca8a86a1630c501fe856
SHA1 07dab11dd910c8f5f7f9e80f4d98773eef6aad42
SHA256 3b19fd5cc4d4ebe05f2d9f4af26003bb05b30900da7114bdd05ae6d868102c9f
SHA512 fe87c33da3c59656bcefce3a09a33b2705e65b49b4597d211fe74bc71575b2f99dfdb245f5ae525348e0c7d714cb0c48e69cff3ad65c86dff9264205ee42f0b3

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilet4MW73\prefs-1.js

MD5 1c04feddbca65d8b6977141243aa7d18
SHA1 617baa90929d8959c0a6d9e90ff47316f41c7b6b
SHA256 4b701ae5fa6f7828118d73ba562b6861c3f7683604d60764619e1b60fd2a70aa
SHA512 b6db904e26a88106f871ae7337f4dc229bc5dced38c81e85c94502ee51df8ca79d304a21b8c9f6b60fce3e53f8a4de504b5a5809623f13526dc698ab1c8e7838

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-09 01:55

Reported

2024-05-09 02:08

Platform

win10v2004-20240508-en

Max time kernel

300s

Max time network

310s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Renames multiple (55) files with added filename extension

ransomware

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 456 wrote to memory of 3120 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 456 wrote to memory of 3120 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 3120 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 3120 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 3120 wrote to memory of 972 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 3120 wrote to memory of 972 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 2684 wrote to memory of 1544 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 2684 wrote to memory of 1544 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 3120 wrote to memory of 3880 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\geckodriver.exe
PID 3120 wrote to memory of 3880 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\geckodriver.exe
PID 3880 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe
PID 3880 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe
PID 2356 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe
PID 2356 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe
PID 2356 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe
PID 2356 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe
PID 2356 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe
PID 2356 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe
PID 2356 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe
PID 2356 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe
PID 2356 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe
PID 2356 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe
PID 2356 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe
PID 2524 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe
PID 2524 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe
PID 2524 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe
PID 2524 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe
PID 2524 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe
PID 2524 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe
PID 2524 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe
PID 2524 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe
PID 2524 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe
PID 2524 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe
PID 2524 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe
PID 2524 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe
PID 2524 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe
PID 2524 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe
PID 2524 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe
PID 2524 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe
PID 2524 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe
PID 2524 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe
PID 2524 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe
PID 2524 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe
PID 2524 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe
PID 2524 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe
PID 2524 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe
PID 2524 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe
PID 2524 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe
PID 2524 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe
PID 2524 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe
PID 2524 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe
PID 2524 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe
PID 2524 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe
PID 2524 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe
PID 2524 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe
PID 2524 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe
PID 2524 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe
PID 2524 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe
PID 2524 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe
PID 2524 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe
PID 2524 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe
PID 2524 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe
PID 2524 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe
PID 2524 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI4562\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI4562\geckodriver.exe --port 52025 --websocket-port 52026

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 52026 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileBfbJJh

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 52026 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileBfbJJh

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="2524.0.1151720633\197143562" -parentBuildID 20240416150000 -prefsHandle 1652 -prefMapHandle 1644 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {8828783b-ed06-4433-9a38-d2b8aea843d9} 2524 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="2524.1.750073804\1341461819" -childID 1 -isForBrowser -prefsHandle 2668 -prefMapHandle 2664 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1244 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {6038c18a-b18d-4631-b5c2-713e16107e2a} 2524 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="2524.2.787133543\582775363" -childID 2 -isForBrowser -prefsHandle 3224 -prefMapHandle 3220 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1244 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {c45acfc1-9148-46dc-8410-6bc219fbbba8} 2524 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="2524.3.52708513\1522699082" -childID 3 -isForBrowser -prefsHandle 3284 -prefMapHandle 3236 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1244 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {9cd43597-928c-494a-919a-86badfddc06f} 2524 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="2524.4.924639111\1167215926" -childID 4 -isForBrowser -prefsHandle 3908 -prefMapHandle 3912 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1244 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {904adf77-94cc-4e75-bb88-18a33981f379} 2524 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="2524.5.912610805\1827388336" -childID 5 -isForBrowser -prefsHandle 4044 -prefMapHandle 4048 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1244 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {6cbc0ab2-2ad6-4dfa-b850-d1c7fee80b92} 2524 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="2524.6.357588137\636915056" -childID 6 -isForBrowser -prefsHandle 3936 -prefMapHandle 4036 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1244 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {2353a775-64ae-4429-a7f8-1123ae31cf66} 2524 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="2524.7.640428649\1399975279" -childID 7 -isForBrowser -prefsHandle 4380 -prefMapHandle 4404 -prefsLen 25367 -prefMapSize 245849 -jsInitHandle 1244 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {874f3dd3-c747-4764-8b1a-72289a9c1dab} 2524 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="2524.8.1784614778\1550307234" -childID 8 -isForBrowser -prefsHandle 2260 -prefMapHandle 2104 -prefsLen 25535 -prefMapSize 245849 -jsInitHandle 1244 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {4485864c-4a0c-4bb0-aedc-73563928c3d5} 2524 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI4562\geckodriver.exe --port 52025 --websocket-port 52026

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 52026 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8KrERY

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 52026 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8KrERY

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="2452.0.884068270\5287204" -parentBuildID 20240416150000 -prefsHandle 1652 -prefMapHandle 1644 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {239bf469-7b3a-4aff-b387-b8c1f754e775} 2452 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="2452.1.258201484\152464919" -childID 1 -isForBrowser -prefsHandle 2644 -prefMapHandle 2640 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1240 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {ac2cd750-9bbf-4989-a0ae-7606cd5db905} 2452 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="2452.2.295217953\1897128754" -childID 2 -isForBrowser -prefsHandle 3224 -prefMapHandle 3220 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1240 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {11f6f0ed-b51f-4830-aaac-dab400b84670} 2452 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="2452.3.850833804\1083759665" -childID 3 -isForBrowser -prefsHandle 3860 -prefMapHandle 3864 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1240 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {4ea951b2-226c-4d42-929f-67d74163541e} 2452 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="2452.4.943850267\117889512" -childID 4 -isForBrowser -prefsHandle 3840 -prefMapHandle 3904 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1240 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {5e19ed1b-67de-4b7c-aa91-44916adca18a} 2452 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="2452.5.854236120\272703621" -childID 5 -isForBrowser -prefsHandle 4308 -prefMapHandle 4304 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1240 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {859d139d-6365-4a60-b121-a36a58fcb5a7} 2452 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="2452.6.744795193\727252002" -childID 6 -isForBrowser -prefsHandle 4500 -prefMapHandle 4496 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1240 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {d0f6a390-51a2-4e77-953d-516289958718} 2452 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="2452.7.696725203\1406587719" -childID 7 -isForBrowser -prefsHandle 5012 -prefMapHandle 4828 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1240 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {560b142e-781f-4ef9-a046-825c72874b88} 2452 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI4562\geckodriver.exe --port 52025 --websocket-port 52026

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 52026 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSViY7z

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 52026 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSViY7z

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="4552.0.98614920\932062493" -parentBuildID 20240416150000 -prefsHandle 1668 -prefMapHandle 1660 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {aa7ebe18-dc83-425d-bd0b-46920dac4d40} 4552 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="4552.1.131150669\28377631" -childID 1 -isForBrowser -prefsHandle 2712 -prefMapHandle 2708 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1240 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {6cf31b90-98bd-4bd0-a0d4-ec440a095c5b} 4552 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="4552.2.620878531\1609203144" -childID 2 -isForBrowser -prefsHandle 3188 -prefMapHandle 3184 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1240 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {8812ff11-2858-449b-90b4-81199c2c341f} 4552 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="4552.3.1644739732\1507248141" -childID 3 -isForBrowser -prefsHandle 3624 -prefMapHandle 3620 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1240 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {593fd054-2e50-495e-abd3-428e43b21a14} 4552 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="4552.4.1377066246\1292905309" -childID 4 -isForBrowser -prefsHandle 3804 -prefMapHandle 3808 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1240 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {482e0586-27dd-408f-b146-249debab19ff} 4552 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="4552.5.60938997\309173069" -childID 5 -isForBrowser -prefsHandle 3880 -prefMapHandle 3652 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1240 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {ce5b1aa8-8e1e-4a96-bc45-072177486fd6} 4552 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="4552.6.401769763\1905415035" -childID 6 -isForBrowser -prefsHandle 4036 -prefMapHandle 3904 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1240 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {97e9999f-941d-4d33-9086-8cae7f54ec0c} 4552 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="4552.7.1708899007\1124794784" -childID 7 -isForBrowser -prefsHandle 4024 -prefMapHandle 4652 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1240 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {8397970c-4548-4d6a-b7ac-c815b8516217} 4552 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI4562\geckodriver.exe --port 52025 --websocket-port 52026

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 52026 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilen2zE6P

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 52026 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilen2zE6P

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="2268.0.204615446\1232117625" -parentBuildID 20240416150000 -prefsHandle 1668 -prefMapHandle 1660 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {523b497c-3500-41a3-87db-9d011a3dde16} 2268 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="2268.1.2132895756\1886692710" -childID 1 -isForBrowser -prefsHandle 2592 -prefMapHandle 2608 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1240 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {80841629-af4e-4b65-8c0e-9fb44f7fa3e6} 2268 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="2268.2.1329323299\2010037817" -childID 2 -isForBrowser -prefsHandle 3172 -prefMapHandle 3168 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1240 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {7b373ebd-92d2-4a3f-af16-996c6675cee8} 2268 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="2268.3.1653038000\380926994" -childID 3 -isForBrowser -prefsHandle 3244 -prefMapHandle 3260 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1240 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {33f8e329-8087-4a16-96c6-6143bb251ee1} 2268 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="2268.4.1493678941\746988379" -childID 4 -isForBrowser -prefsHandle 3876 -prefMapHandle 3872 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1240 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {ea79b9d0-6816-430e-8898-646332197fdb} 2268 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="2268.5.1134788617\1112912713" -childID 5 -isForBrowser -prefsHandle 4012 -prefMapHandle 4092 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1240 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {4e895444-605b-4a01-af5f-f7b99a892ff0} 2268 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="2268.6.485325525\1312378997" -childID 6 -isForBrowser -prefsHandle 4068 -prefMapHandle 4072 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1240 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {dec5c6e8-343d-4034-a25a-742401a77f70} 2268 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="2268.7.1220393554\1121885704" -childID 7 -isForBrowser -prefsHandle 4316 -prefMapHandle 4032 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1240 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {d15e8326-2c55-4b2f-b51d-3af3d597e67d} 2268 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="2268.8.498029380\741071864" -childID 8 -isForBrowser -prefsHandle 4796 -prefMapHandle 4572 -prefsLen 25367 -prefMapSize 245849 -jsInitHandle 1240 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {69aec2e9-790d-4de9-82e9-56e0d47dab60} 2268 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI4562\geckodriver.exe --port 52025 --websocket-port 52026

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 52026 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5t5NQS

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 52026 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5t5NQS

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="1696.0.860716145\191913034" -parentBuildID 20240416150000 -prefsHandle 1676 -prefMapHandle 1668 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {e19c8df6-2ec2-4c11-856f-442b92010792} 1696 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="1696.1.1210094179\350517705" -childID 1 -isForBrowser -prefsHandle 2668 -prefMapHandle 2664 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {a56e2939-98c7-4072-8f36-d2b80a3a5146} 1696 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="1696.2.461050778\642251777" -childID 2 -isForBrowser -prefsHandle 3204 -prefMapHandle 3200 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {aaa8c108-59cc-401b-9d4d-4d5844edf645} 1696 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="1696.3.1728060354\2015839740" -childID 3 -isForBrowser -prefsHandle 3676 -prefMapHandle 3680 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {cdcf534f-4cdd-4e99-84d7-5b60e7f744af} 1696 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="1696.4.1591282982\1332620494" -childID 4 -isForBrowser -prefsHandle 3804 -prefMapHandle 3796 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {3998e72a-bb36-4471-b8fc-8056fe74ad79} 1696 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="1696.5.1040879821\272716310" -childID 5 -isForBrowser -prefsHandle 4060 -prefMapHandle 4056 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {7be3aac0-0b5b-45ce-b577-468787655ae4} 1696 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="1696.6.1578452091\736629890" -childID 6 -isForBrowser -prefsHandle 4176 -prefMapHandle 4180 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {12d67069-d383-4ec5-abce-1961a8148073} 1696 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="1696.7.847721604\224951304" -childID 7 -isForBrowser -prefsHandle 4604 -prefMapHandle 4612 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {259d8c99-118f-4212-9382-3b4e72446a3c} 1696 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI4562\geckodriver.exe --port 52025 --websocket-port 52026

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 52026 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1eErer

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 52026 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1eErer

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="4880.0.935305036\940597943" -parentBuildID 20240416150000 -prefsHandle 1716 -prefMapHandle 1708 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {e7c4b088-faf1-4bae-b415-b14991e6a4b4} 4880 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="4880.1.1192889875\2144939786" -childID 1 -isForBrowser -prefsHandle 2660 -prefMapHandle 2656 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {8f8c2a39-bcb6-447d-ba1a-23ccb3b4e6c8} 4880 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="4880.2.2016268115\1340730729" -childID 2 -isForBrowser -prefsHandle 3192 -prefMapHandle 3188 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {5ac435b8-5f3c-4466-ad14-d26d083f5480} 4880 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="4880.3.1418012035\711475614" -childID 3 -isForBrowser -prefsHandle 3208 -prefMapHandle 3320 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {511869fc-0045-43b0-b317-f66be03e8c6d} 4880 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="4880.4.522353074\1673592562" -childID 4 -isForBrowser -prefsHandle 3868 -prefMapHandle 3844 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {6b4e37fb-4cb3-43d2-b7ed-a136e441d50f} 4880 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="4880.5.1567636504\1777937730" -childID 5 -isForBrowser -prefsHandle 4016 -prefMapHandle 4020 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {89e7cd3c-e8cd-49c8-bdb3-78fa26041335} 4880 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="4880.6.1571398722\916389674" -childID 6 -isForBrowser -prefsHandle 4204 -prefMapHandle 4208 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {eb001d30-c643-461e-a76f-8321325c0159} 4880 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="4880.7.1006175497\1655276299" -childID 7 -isForBrowser -prefsHandle 4520 -prefMapHandle 4068 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {9567e5a7-7182-446d-9da4-3dc48698cfea} 4880 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="4880.8.1284857772\538874034" -childID 8 -isForBrowser -prefsHandle 4928 -prefMapHandle 4756 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1312 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {0dddfade-7078-407c-9d0c-1fa4f6f4662f} 4880 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="4880.9.927641104\2110488755" -parentBuildID 20240416150000 -prefsHandle 5004 -prefMapHandle 4988 -prefsLen 27362 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {ecf5b68e-f9fc-4df6-9639-9969933e6c92} 4880 rdd

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="4880.10.1266424577\1315853853" -parentBuildID 20240416150000 -sandboxingKind 1 -prefsHandle 5012 -prefMapHandle 5016 -prefsLen 27362 -prefMapSize 245849 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {d675f89d-f04d-46bd-a4b1-6e0350a99f69} 4880 utility

C:\Users\Admin\AppData\Local\Temp\_MEI4562\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI4562\geckodriver.exe --port 52025 --websocket-port 52026

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 52026 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletuYca9

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 52026 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletuYca9

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="1028.0.1127226322\46812076" -parentBuildID 20240416150000 -prefsHandle 1676 -prefMapHandle 1668 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {e7df13a3-f927-4aaa-aa45-99735099ee41} 1028 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="1028.1.101473542\2033971382" -childID 1 -isForBrowser -prefsHandle 2556 -prefMapHandle 2572 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1244 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {0cd80812-c88e-4dae-98e4-222ac73942f9} 1028 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="1028.2.227273917\1285162422" -childID 2 -isForBrowser -prefsHandle 3200 -prefMapHandle 3196 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1244 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {f1421bb8-aa07-4cfc-9070-9664a17b981b} 1028 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="1028.3.1147395247\254734429" -childID 3 -isForBrowser -prefsHandle 3216 -prefMapHandle 3480 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1244 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {075a50a1-0812-4147-aa91-9f157eaba1e8} 1028 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="1028.4.1469256435\331217387" -childID 4 -isForBrowser -prefsHandle 3772 -prefMapHandle 3820 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1244 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {0b72eab1-48df-4b46-935e-f366babb55b8} 1028 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="1028.5.1120676183\399275714" -childID 5 -isForBrowser -prefsHandle 3932 -prefMapHandle 3928 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1244 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {ef09a662-180e-476c-a6a8-8d6ba1068a8a} 1028 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="1028.6.490873401\307086323" -childID 6 -isForBrowser -prefsHandle 4064 -prefMapHandle 4060 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1244 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {925697e5-99a4-46d7-badb-43d483f56290} 1028 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="1028.7.355447689\183282664" -childID 7 -isForBrowser -prefsHandle 4524 -prefMapHandle 4568 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1244 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {41c00e39-94e4-4dd7-ac9e-a82027dac12d} 1028 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI4562\geckodriver.exe --port 52025 --websocket-port 52026

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 52026 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilee4dayA

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 52026 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilee4dayA

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="2564.0.855860919\1295532405" -parentBuildID 20240416150000 -prefsHandle 1660 -prefMapHandle 1652 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {0cc727ad-76a5-4a36-9b7d-721672fde5f3} 2564 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="2564.1.980260716\1240516490" -childID 1 -isForBrowser -prefsHandle 2636 -prefMapHandle 2632 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {15660020-e827-4e58-a294-a04c8e32df9c} 2564 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="2564.2.43055514\381596308" -childID 2 -isForBrowser -prefsHandle 3188 -prefMapHandle 3184 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {6fe208e8-220f-4a1c-9e53-d0b3e26fa12b} 2564 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="2564.3.25404615\1111918293" -childID 3 -isForBrowser -prefsHandle 3636 -prefMapHandle 3328 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {f4d14f65-92eb-466a-9960-43c743bcda61} 2564 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="2564.4.1309530128\52363625" -childID 4 -isForBrowser -prefsHandle 3304 -prefMapHandle 3148 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {83335f17-573e-4a47-994b-16a23cc4e5b1} 2564 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="2564.5.672442011\285162712" -childID 5 -isForBrowser -prefsHandle 3996 -prefMapHandle 3756 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {02cc3b3e-5d3c-4ae7-a4d5-4ecbe783ef22} 2564 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="2564.6.648608869\1017244195" -childID 6 -isForBrowser -prefsHandle 3304 -prefMapHandle 3988 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {802e633d-37eb-46a6-82fc-85f766ba4023} 2564 tab

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe" -contentproc --channel="2564.7.1119228648\997509673" -childID 7 -isForBrowser -prefsHandle 4604 -prefMapHandle 4524 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\browser" - {29ca2ac8-1bf6-4984-9e17-5b8955a4feec} 2564 tab

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
BE 2.17.196.137:443 www.bing.com tcp
US 8.8.8.8:53 137.196.17.2.in-addr.arpa udp
NL 45.134.225.36:11444 tcp
N/A 127.0.0.1:52128 tcp
N/A 127.0.0.1:52130 tcp
US 8.8.8.8:53 36.225.134.45.in-addr.arpa udp
N/A 127.0.0.1:52025 tcp
BG 217.12.203.196:9001 tcp
CA 198.100.153.7:9001 tcp
US 8.8.8.8:53 196.203.12.217.in-addr.arpa udp
US 8.8.8.8:53 7.153.100.198.in-addr.arpa udp
N/A 127.0.0.1:52025 tcp
N/A 127.0.0.1:52233 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:52241 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
N/A 127.0.0.1:52025 tcp
N/A 127.0.0.1:52025 tcp
N/A 127.0.0.1:52025 tcp
N/A 127.0.0.1:52674 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:52682 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:52025 tcp
N/A 127.0.0.1:52025 tcp
N/A 127.0.0.1:52025 tcp
N/A 127.0.0.1:53045 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:53053 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:52025 tcp
N/A 127.0.0.1:52025 tcp
N/A 127.0.0.1:52025 tcp
N/A 127.0.0.1:53379 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:53387 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:52025 tcp
N/A 127.0.0.1:52025 tcp
N/A 127.0.0.1:52025 tcp
N/A 127.0.0.1:53754 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:53762 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:52025 tcp
N/A 127.0.0.1:52025 tcp
N/A 127.0.0.1:52025 tcp
N/A 127.0.0.1:54108 tcp
N/A 127.0.0.1:54116 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:52025 tcp
N/A 127.0.0.1:52025 tcp
N/A 127.0.0.1:52025 tcp
N/A 127.0.0.1:54511 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:54519 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:52025 tcp
N/A 127.0.0.1:52025 tcp
N/A 127.0.0.1:52025 tcp
N/A 127.0.0.1:54827 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:54835 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9151 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI4562\python38.dll

MD5 26ba25d468a778d37f1a24f4514d9814
SHA1 b64fe169690557656ede3ae50d3c5a197fea6013
SHA256 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128
SHA512 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

C:\Users\Admin\AppData\Local\Temp\_MEI4562\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\_MEI4562\base_library.zip

MD5 09f7062e078379845347034c2a63943e
SHA1 9683dd8ef7d72101674850f3db0e05c14039d5fd
SHA256 7c1c73de4909d11efb20028f4745a9c8494fb4ee8dcf2f049907115def3d2629
SHA512 a169825e9b0bb995a115134cf1f7b76a96b651acd472dc4ce8473900d8852fc93b9f87a26d2c64f7bb3dd76d5feb01eeb4af4945e0c0b95d5c9c97938fa85b34

C:\Users\Admin\AppData\Local\Temp\_MEI4562\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

C:\Users\Admin\AppData\Local\Temp\_MEI4562\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Local\Temp\_MEI4562\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

C:\Users\Admin\AppData\Local\Temp\_MEI4562\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

C:\Users\Admin\AppData\Local\Temp\_MEI4562\geckodriver.exe

MD5 f60c542253cbe94f762e15c7b064b55d
SHA1 7a32f034217266db6d799893edc976e891a82944
SHA256 989c9e22c08924ecb0ce8901889dcb4dc8db33b0b4c8c88ffea38fe89f04c6aa
SHA512 1a91ba760e9893521e417a4b6ab4a25c1a1d8aadf89ad98a60eb114f65a88f9d2616f3cc102c08b95a0e91d0cb7245ecc2b4fdbbbc17465c57844e6db2b2e8ca

C:\Users\Admin\AppData\Local\Temp\_MEI4562\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

C:\Users\Admin\AppData\Local\Temp\_MEI4562\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

C:\Users\Admin\AppData\Local\Temp\_MEI4562\_ssl.pyd

MD5 d4dfd8c2894670e9f8d6302c09997300
SHA1 c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e
SHA256 0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0
SHA512 1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

C:\Users\Admin\AppData\Local\Temp\_MEI4562\_socket.pyd

MD5 4827652de133c83fa1cae839b361856c
SHA1 182f9a04bdc42766cfd5fb352f2cb22e5c26665e
SHA256 87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba
SHA512 8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

C:\Users\Admin\AppData\Local\Temp\_MEI4562\_queue.pyd

MD5 dd146e2fa08302496b15118bf47703cf
SHA1 d06813e2fcb30cbb00bb3893f30c2661686cf4b7
SHA256 67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051
SHA512 5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

C:\Users\Admin\AppData\Local\Temp\_MEI4562\_hashlib.pyd

MD5 5e5af52f42eaf007e3ac73fd2211f048
SHA1 1a981e66ab5b03f4a74a6bac6227cd45df78010b
SHA256 a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b
SHA512 bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

C:\Users\Admin\AppData\Local\Temp\_MEI4562\unicodedata.pyd

MD5 601aee84e12b87ca66826dfc7ca57231
SHA1 3a7812433ca7d443d4494446a9ced24b6774ceca
SHA256 d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762
SHA512 7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

C:\Users\Admin\AppData\Local\Temp\_MEI4562\top-1m.csv

MD5 ba0857be5e9736dde1f5cc44edd5d21b
SHA1 b130759907909cc97bfe0d9a1fd65b8942c931aa
SHA256 7800cdef850c31931b2b520a42f858c4feb5ca86d6b3789e6173a02e909595ca
SHA512 08446902bc588e323b8fc551502ff869be6c2bb64f788d1bebfcc30a04c3e589b0616e84fc55de3d81d7b19b26e690024a442e6a27096808bc613bcecf3f6db4

C:\Users\Admin\AppData\Local\Temp\_MEI4562\select.pyd

MD5 e21cff76db11c1066fd96af86332b640
SHA1 e78ef7075c479b1d218132d89bf4bec13d54c06a
SHA256 fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28
SHA512 e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

C:\Users\Admin\AppData\Local\Temp\_MEI4562\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI4562\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI4562\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI4562\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI4562\libssl-1_1.dll

MD5 50bcfb04328fec1a22c31c0e39286470
SHA1 3a1b78faf34125c7b8d684419fa715c367db3daa
SHA256 fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9
SHA512 370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MD5 47539d0337e97e22a728afc2638d461f
SHA1 d97b37079543b33b9b605c787945f809aed66fd6
SHA256 262e52c5bbaa9bcd2dfcb4cf7da83a1efa95ebd0299f82031ad31a6ab19405a5
SHA512 3810ebe80173d41785a42459fc5c4a8a31e56294f2c03fe99416925a34d242b88023565057201c9b6dcbdb97c8396d8305a723c0e31bb5b560b031b299672d4a

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

MD5 797325af481a14ae243f10d5f24b4a0d
SHA1 718b6ed3d9d839b8fe0a0e097b9ac5f5770ed5a1
SHA256 1d70eaebce1c81e3241ae47deb92aab50f90dd8baa4c7cb5e9f7eb6b1e66abb1
SHA512 ac9aa2b028bdffe24831ba50894fb48eb70b100f6973875987e24f075a3e9196f96699667eb3a5d2e4f86041d510447c75fe6e55562813451712878a3411c3b1

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

MD5 7f2754df6a4a580b15910f449892766d
SHA1 9dcaad98563ed89781f53941cbc43db5454de7f5
SHA256 d3765d63c380e5a79296d566b7869c08b1f4e079787176f29cf2ddcd76330654
SHA512 25f0205a8c4aed02e9e1f9ecafffb36cb3bb795ef9f06cc12ede9e8b0459ae5b86573b3b4980b92073a59204eaf314cba34c03b99e90ab98f804fe378fe02839

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 ecb1dedf5ef99417494e424ca42eb67f
SHA1 e2a293cbba50c6624e75cdaffe472967f3961023
SHA256 cccd56daa3559a54db61113fbdb5b6c96649cdd65b5cf14bd442c3f2e3b738be
SHA512 5ea0645775933d5bd2f913d58e344253a58578c920af95bd0fb81ff4f13a4998a919f0856ffdc97541abf9fc3797558b0f2467bc73214b63c7ce568ba87e550b

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

MD5 7abc816e004d9ed0f292770cfa8876cb
SHA1 4a1eeb702543f0819ef7c64b9f3bfd53be292106
SHA256 2960d61c10694d76f29beca0eb96c06608cf4bbf479811449a39197e8580842e
SHA512 9883b894e65a426227ea9808b69e2259f206df76bd9bb9e7c0ebd7521acbdad0a92c4a531f739c93b1e53001eca8a1a42e122baa1e1885b11d4ba34aae24961a

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

MD5 d277f533f1d77e26d09bb66764bbeea6
SHA1 082920ebe7dfb870cf94a99fc601fd5ae8b456ee
SHA256 3c957f8d69ccfe73b66c28d378bf301bb1bcb0ceb5c59ac0dafeb5787b24f3c3
SHA512 510c78685b20a68160d9041d5a55a022a281fc0fd5777f978dc422d132961bf52ac23a0a95ca47b15715641ecb7a39b359da8d00d305c8543d553c00db54747d

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 cbb1daad9fc48ab13e35fcd3621a5999
SHA1 0eec8ece735465aea259f8223762f93fb13a97a0
SHA256 8a03ae38ee38cf04dd9a5e2c5563bfd930886cae2170ed4200829288e5c155da
SHA512 818629d68123ae629bd5a1c7e768ed79707360457be1b7c50f7c59447bf9ee398fe78c925f037649d6b1ca529a9cf3bf8077b6f525f3e88142c56bc7e5451e8b

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

MD5 2c740091198dcf20b9c600791e2bcc3c
SHA1 dd6f376ba9139ddec20ece64da0760054133db96
SHA256 e39504c71ba91c438c682a8c83c7ecfc5410b853d7788a4c561a8c6e90bdbe59
SHA512 a677a432a4af6b5ad0131d224d2e4c999c2340a54ba770f9f39429fd28ad05a921fcf65a1b714af5deae2419abcf8ab38472e15f0f8758ccf7b7769a40bafffc

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

MD5 48fcad918c62db97e9af1dba1d131473
SHA1 d89381594d3241b0e645033f67572a5d8c166764
SHA256 dd8349e2789db1125b477971c5d445b6afb2f6ea3b57de65080631040900fe8c
SHA512 2278d074aab519859188b047c77fe7b4db718e0af237b63e06a1b095d7a1eb4e07d6ea59cab5d7b1325aae0047fadea36eae12a80bfefe112aab85fc18aa1ca3

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

MD5 b6d7fc9b6ebc5f46500acc52bf6c9808
SHA1 4fd8111c436d89b83890e98b4cb7d0343e568340
SHA256 2bd35c40d02dfca6c685a001287d89c1ec743b8d4d87a0a568c1cbd0b5ba4974
SHA512 7e7111112af9448be4da527ae1d76ed93ec1e236dd00db63ff30d93d1f29cd699193e1e2635b110dda3ec36502c25065ef7d1613537451916ea301eb0f3e084b

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

MD5 8565a303ddc83b03f8662b034597de18
SHA1 ce6453779eb52055599ddba097a95ab82512ae5b
SHA256 b6ffe8a2973d7050fd5ffcf7ee1c995eef8d8dc5d58cb0a05a6ca0953bd4c6bd
SHA512 2b667252645b7f1202582beb353fbb2320f81b1f2e42a8327792309709434092a953727b222a5d81bac1482a547a498ca5c9d3d2c772858746cf29d18c684566

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\tmpig6zyec5\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

MD5 a3fb2788945937b22e92eeeb30fb4f15
SHA1 8cade36d4d5067cd9a094ab2e4b3c786e3c160aa
SHA256 05b98840b05ef2acbac333543e4b7c3d40fee2ce5fb4e29260b05e2ff6fe24cd
SHA512 4897aefe3a0efffaa3d92842b42fe223f0b9882031a65bea683f4554d1fec92b8a66ea15c67e9b95c7fc12991cde3245010ccfb91768ba233711ced3412c13bc

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

MD5 d2e8aceaa00ad916618bea2eee81aedf
SHA1 28b26f0db0b4b2504a418983089795761c56e4a1
SHA256 fc52b830f384921b69b457fed04dfb4239fb08e9fe7d8ac07c4c269bd9f6f622
SHA512 b6cb1f872dfc024d28524976aca3ad8840943ca0fc212326e8b6ee6fe0a57d5120a6c1da824ab70d7f9ee8dd674bdd32ace038db4d893b893830bf3267c6e59d

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

MD5 b1c8aa9861b461806c9e738511edd6ae
SHA1 fe13c1bbc7e323845cbe6a1bb89259cbd05595f8
SHA256 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70
SHA512 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

MD5 2ec530a71bdac21f299f9ddb823be222
SHA1 5425aaf19c0832cda06be506e88f2435f432d287
SHA256 ccad2cafe84d27b3be67a87f0e32b7670e451c7ceefce6f2aa38f658976334b3
SHA512 94eec8b0f59c68331d9187dd4dd4aa2b2c31d844e72bf707cd9e0c7c72c64982a3babcacf3d09a996422281ac5479ee304b41a577e54a74308d7a31a7d7091d4

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

MD5 26dd091069531a62061de8ca1c56d46b
SHA1 6c9daa73f096174f28f86c9bb245cb8a540f5c2d
SHA256 2cde4e7f9f1c6ab6fcf729370237845c72314a6c6d942fab1989f37e6c610a9a
SHA512 180d42c642f5d1126efbf89af33f1b4d1aa936aa530834b508eabcf3ec845aad91daa871ee6517e1181910f5720edbc3788d6a4b2455f1255d7b52b95de2d66d

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

MD5 e50a617598b0f635e6f9ae4a9d445b78
SHA1 a372ec393dd6271bd00cf02f894152887765da8b
SHA256 c9053fe76caf2607aa3043fa8b60070956198590dd8aab868145e0644cee30f5
SHA512 e851c226c38d4a6dfe43074d455fd75483d6c9b4d9521280a64f5b1913a055084d7764f13a8d0a12142a716a4031cc2ca4916c131d41c18a4d7a95128cb03bc0

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

MD5 85de06e3d4c6f39404776f3c7162c59b
SHA1 3e4b8ecebaa9c903d220ee23d367be8e8ba27619
SHA256 33d83687f45f4dbe12db0a0ce697cbce2c228d71ed474ad10a839ff7ce95012a
SHA512 6cd4cac7bd74ac01de30d242b2bc75e7dc2e23c0871250ae8176cc947553dbfc702a2392380acdad6bec355aea6dfa95708af54c560330c36c05bb0f34169963

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 80e882ce8268212cf4db9fbe44f95336
SHA1 85abc152168a20d8db2c6501aa43a97ea72efc8c
SHA256 32c7fa19bdf922f35368bbda1fd91b30fae89f7e8615c8224901e4e3454ee937
SHA512 eb6fc2086c0c5b1e2207c675e49713961246559ade42f65f5e1d51e6139e503eacceaa57542664f7161dc320df0403d90bc85e499aa2d0f09c4a3d4236920cd5

C:\Users\Admin\AppData\Local\Temp\_MEI4562\Tor Browser\Browser\firefox.exe

MD5 65aa9b0f57d72e4d70e9226322221adc
SHA1 85fec174d0977afd8c0100c9d9b53c958e1949bf
SHA256 51b63860fd996d6d5b1753ba6bb7f3a4303f13187fbfecc96ba2b6bae52a7410
SHA512 f84416a5e9293b8b82993e9424b13d5bb8542d1a379d04f498b60f0b5805626b7c97bcc6f86f6cfd33031b0d65d0ad23ce6d836995b5a481ed29f62ef89b2c85

memory/4564-493-0x00007FFF16300000-0x00007FFF16301000-memory.dmp

memory/4564-492-0x00007FFF15BB0000-0x00007FFF15BB1000-memory.dmp

memory/2636-529-0x00000212B5400000-0x00000212B54AD000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileBfbJJh\prefs.js

MD5 ba2e28cbee96d7eb89d7c541c5467e30
SHA1 2d8dc1d41572d71c805174cb7987041c6036d32f
SHA256 3251a1624bdc10947308bca56d1dd2176e5746870a7bc88643d5ace74b10ce86
SHA512 0b2ba75a952c6e6a52c31db60d29e9e3af42aab44c86a658604c950c09cc4f9d966eeac08df21517d3b7baf53360f88ae977e8b08a5fbae11fed86f818245719

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileBfbJJh\extensions.json

MD5 5a73d974f7f8d385cc758f515535a16f
SHA1 defdb6ee9db7494b70583b9b6e4bc58b3e652c71
SHA256 de5b6c4829ba9911b8a8075f8318bdfc6828dfe1635ba806fd9d402d27ba77cc
SHA512 ce338d6490c25c9ea285790c99c890bfd5a3244ee44114dadf8368bb1db5c4e8fced88353b213db7ebebef1ace705ce12b337176babef30e92d2ffdf607b6c1a

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileBfbJJh\prefs-1.js

MD5 0df6ddb5b0b13f80bb40b35d84936914
SHA1 085786b0e77aeffed9b25f5556357719936cd379
SHA256 159e7c7d86abbc32de3a306eff94c2f6e3e9b1dacc1f2c86fad1908c371d49c1
SHA512 521bcf7a762f8d9afc97b4ee636842a76e18b53fe3f4c975862b470450de15fcad58c0abeeacc69733f261ff776c2b97571ebf2c9cde2615134c008c04fb8786

memory/2524-569-0x000001C369130000-0x000001C369140000-memory.dmp

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 d5b433747172a8ba6c6af5165bec3ed6
SHA1 fb2cc77c0e1b9b7cb3fc82e4535a950ce77edd78
SHA256 081959e23df2a5f47babdd8cc1e9629a3640ea16dfc4ed1c6694b804d9944e8c
SHA512 59eff65559ac9c74de53c914164eca555bea27fec5a852cdf8a26b84b187c4f6131e0f1bac58e1dbbebe0a51229203595d5bc80a49c255b96586fbf897461001

memory/2524-611-0x000001C35D100000-0x000001C35D270000-memory.dmp

memory/4564-625-0x0000021F64CA0000-0x0000021F64D4D000-memory.dmp

memory/1328-626-0x000002891EB30000-0x000002891EBDD000-memory.dmp

memory/4516-630-0x000001F6E30D0000-0x000001F6E317D000-memory.dmp

memory/4768-631-0x0000016D9B380000-0x0000016D9B42D000-memory.dmp

memory/3040-632-0x0000017EAA900000-0x0000017EAA9AD000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileBfbJJh\prefs-1.js

MD5 c8e1df7e4b3ca0e0470eb9e209c169bc
SHA1 124d9fbd44a3e29e6f18ae4c65d462bc88692b58
SHA256 abff510239cd2863356e9a59d82e3cc91c6d09081f876d64caf3e82ccf6004af
SHA512 51e8a04fc7fcc5f8a6f45e8eb95c6ba48195f7a133711c60b80db7a3f0445f9b4becc3b73a34188775a0d1ca5e2d1eb509bf7c6150c323a60824b7f9fabe8f9c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileBfbJJh\prefs-1.js

MD5 54f17eafe9f75a4548c3076e48496cce
SHA1 e91c782de3286759c1301fd6a01829b595f71951
SHA256 75cca62f4c3bbed47af0497e5fe242f58427a1aca7ddfded6604b4d2a63ef840
SHA512 27708d8f6e3562d5d806cb99bb5e69873cd1989965f54208154c6d3a87a26d5bdcbeb55ab38d06eee6537c22e45e11de2ef62220a9428400573983267097a4c0

memory/4336-688-0x00000276C08B0000-0x00000276C095D000-memory.dmp

memory/928-754-0x00000279D1C00000-0x00000279D1CAD000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileBfbJJh\prefs.js

MD5 b996ad4baa09e365761ff098d2cda178
SHA1 24240480dd38e0e3cfef3d456eb0d2436c5a9c63
SHA256 a508cc56cf059dd9e53b1c4d981f4d3ce63855aa949a9694297eee146731f739
SHA512 f386600a701688daeb1a1084e0eaab1ea9204b5aade212f033c06fc7f2bb610540e36eb46cc34f2995544e7084a548e89e8b47dab26ccd1ae5e31b3c3a99d4fe

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileBfbJJh\prefs-1.js

MD5 1e48b820c5ba1a6c3b5a8d591e53b601
SHA1 3ca8d33dfbc0832644c9c8bd2d556b354007de67
SHA256 991c8b49a7582bcec09d7d80f53f44076c452fc79c0d48a8dfa8ee38aa7a4683
SHA512 e972e010206bf429055b6cb1c0ec398772c7342d9141716b0805cbaac9ae230e3a2dc830b4090c4ecb5e8100abfc00de5c4906404a5930d097c3bd2ab1a2db1a

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8KrERY\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8KrERY\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8KrERY\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8KrERY\startupCache\webext.sc.lz4

MD5 3d4dba14b055085f1e4875283685fcf8
SHA1 e472082d167b648c6c3e316773ebb1fd27cda000
SHA256 bad06238e7a98251364a164fb1b93ca6dcfa086ef7abd8e0778b9a04f31a977b
SHA512 374eec58a7f0552d96f9536ed9f299164d5347c24f037f6f8d9e7704ddc74136451c0810a6ff305e7a8f8638188091464f740b0c777968bcd205aee74aa68b49

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8KrERY\prefs.js

MD5 551313911184a0019822f76502fba3a4
SHA1 bb0705d0bcf92d10031c344b12e1fb78f769429a
SHA256 ea21462fff1c28e6cacb2c1b75987ce1bfa13ff590d00662053a3684b0ef3c30
SHA512 690d6a98aff9da71b797dc4c2b4e6af40fae7516a3e11cc8e19736d8592beafe4c20da89aa15c833df86618e6fe05d3dae5a2f02adfb176d19daafaac6945496

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8KrERY\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8KrERY\prefs-1.js

MD5 2df5b42034883fb2f402af125ad29769
SHA1 2b75d6fad8dee81a53220474b456f8088a430e36
SHA256 056d83323ffcc22e18d084eb5e8e327adbceed6e22d22084a537cd5cd03d881e
SHA512 f856068ca0c5879f1d9634967887816aa5f42039e631f870b146c78e9e5ce7509d99c5ff07b35c55441b434447e45f8096a317dd6d830c2b6dfbbf6f9a2eea18

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8KrERY\sessionCheckpoints.json

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8KrERY\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8KrERY\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8KrERY\sessionCheckpoints.json.tmp

MD5 29ce37dc02c78bbe2e5284d350fae004
SHA1 bab97d5908ea6592aef6b46cee1ded6f34693fa2
SHA256 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693
SHA512 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile8KrERY\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSViY7z\user.js

MD5 736db8c9b955f72129a6644a9c797093
SHA1 59f1c80c407e27ffe85407a82f7b7250c5ee3753
SHA256 668694ca0485bfb77e7049bad327ba3f83534f31c1d50744f227c996eab4097f
SHA512 9916d339304272357ff56976bfcb9fd2d607ccbaa33dc40b88618c9ae31833923d3f2e8288cfc1f0090da90803b5e07404c41182155db2d2345df6f63020f217

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSViY7z\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSViY7z\prefs-1.js

MD5 64ba92006435550ba9b26a58dfc445bd
SHA1 277bd7d780b1f0b7aebfffafbc3ea8dc38951f61
SHA256 080663f75564441e3e3bdc6cd4f75af08b400f631b7304fcf4fbd75710b77646
SHA512 919121e9401b1a4089109257b3bc4d1e3041f399eb682be5801dea0e84299d8a04fa86cce6f6e63c24718110d7917f70cbb66f953129587ba95b34bfee273c1f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSViY7z\prefs-1.js

MD5 fbf576f27356145311f71226f4c166b8
SHA1 6d55234fd1f77c320d699871ba6b6665f3bc5840
SHA256 5a88773f3044cc3948d379ac413099acb6c2f30987e8d9abc7448d0e79bc2869
SHA512 96aaf503468fbd9e883b1fa2c4e111040bea55c17daae7e54345de230cbde8f9abe971ee4348434c77d778394540c99035a5f9afa4d5e757f98becd6c49c0344

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilen2zE6P\datareporting\glean\db\data.safe.tmp

MD5 7fba44cb533472c1e260d1f28892d86b
SHA1 727dce051fc511e000053952d568f77b538107bb
SHA256 14fb5cda1708000576f35c39c15f80a0c653afaf42ed137a3d31678f94b6e8bf
SHA512 1330b0f39614a3af2a6f5e1ea558b3f5451a7af20b6f7a704784b139a0ec17a20c8d7b903424cb8020a003319a3d75794e9fe8bc0aeb39e81721b9b2fdb9e031

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilen2zE6P\prefs-1.js

MD5 4a6e57eb9970224c4980155cb2bd5653
SHA1 3a4b08e5a603946c8307d0b8d634a32aeb80e09c
SHA256 b691bb1961bea51e9d970d7114b4580a74dd917644d5205034e6bfe0a8328731
SHA512 0317ff8e19360d665709c9a1fa5d818c946bfa450c4b3172676a0afa9ca692d5e91b0c3458c0c312dd00278b918b174d9287cee80bc79053efb1ae61b8b259a5

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilen2zE6P\prefs-1.js

MD5 39216340a54fe02f381cd76b210700c1
SHA1 097be953055cbcf7b660dda065e675cbca5b4d38
SHA256 c40dc16312ff52248c9ffb2ab452bc4499302f20cdab0face03492666fe6b10b
SHA512 8cd4771fb1497319c52c65330428734dd5b49d5a17e9b3fc45069e9b3d2c41501f03503e5b37341deab4557c035c5d3a949cc724adba22e16ec034f704b75ece

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5t5NQS\compatibility.ini

MD5 65852cfa7774acd6627f090999c4b042
SHA1 525eae917b7ef05830d4620954fbbfec920b02f5
SHA256 ca827197e0b5085f726e7f6923db600d5c6e3c091a1e169a94d949df68004c55
SHA512 fb8d35548b2e7f8e11483c840e74ec56e2b97abc98e0659347a576d7b94cebdf5c0653b4f04c3e363edd792bc4403670c4b569e043e6893f6506d7fad9625fba

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5t5NQS\WebDriverBiDiServer.json

MD5 edd70e539e8e1976460db65cbbfa01cc
SHA1 4acd3780edd42718e82a2506d2138dbd8244aa5d
SHA256 3d8fc166034154167a0e276b0b70f726340173e793bf64a2d53c68eaad25004f
SHA512 d52ab38dac1d8572a240965d4fca3527310ad769b3a373419da6a3725c9ae1372a83b29b9b58d8fc906e22b49ffa93368d47f234a19d350cbda2a72b3cdfcbcd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5t5NQS\datareporting\glean\db\data.safe.tmp

MD5 7d3d11283370585b060d50a12715851a
SHA1 3a05d9b7daa2d377d95e7a5f3e8e7a8f705938e3
SHA256 86bff840e1bec67b7c91f97f4d37e3a638c5fdc7b56aae210b01745f292347b9
SHA512 a185a956e7105ad5a903d5d0e780df9421cf7b84ef1f83f7e9f3ab81bf683b440f23e55df4bbd52d60e89af467b5fc949bf1faa7810c523b98c7c2361fde010e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5t5NQS\prefs.js

MD5 e4016336b8b7bf140fde7d3c6fd2dbde
SHA1 4b7c4561858d118c21bb9c2bfd2200c4579e31e8
SHA256 6fe4da5d405556cfe8acc87f3ea59bef6a8506a8e356dcb6efc56fc80eab77a0
SHA512 0d6545e5501a2f92c6ad976486b34698604e32dbd1ae89510f7d4da5b741b3044e7439b4dea3995237a232f478aad6da5ac0f5b8833a7c50734c7f79e3794452

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5t5NQS\startupCache\scriptCache-new.bin

MD5 140578486209f94d8be52b52b11e98c0
SHA1 6c24c017bbebdf415605fab7e8bf34cc1a0bdc14
SHA256 efc2d68439f21112a2eeb7f4256d053e92283f3ce8707f547f8015a9db19f16b
SHA512 bb9b335a3030f350704b7def82b712ab9e459428633ea843fbf0b8c2512762e67078538204a6d38bf82d51e86aa420b7af9d8e0cad14455060104ad9f5adfebe

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5t5NQS\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 11a07edba377d1ddd700e991d45dfa61
SHA1 e6da14014975b08933628637004c7b2172e0be84
SHA256 2f92f3af7a97bd0ab19c9c243b00ee210c4b806290a9a49721f0bbac52f508da
SHA512 55ca8b7276c5f09c80abe41d8fd551dee0b3079589d0e9f2dbc30f4595846bd7db971351452528011c215400a6869f46256245499fbc503adf452ad4dbf70d02

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5t5NQS\prefs.js

MD5 c5c913717b14962ac79423a3a1c1c29d
SHA1 85c8a413307d0688fece2ef4ba0c593fa635be1d
SHA256 8b5da1a53f4f9e4c692eaef2b880088234b53c3db331494c243615c45a7466e1
SHA512 b871a81d2f3e0138083856a2b6088cb280491944863631d8457b06942d5802506a8e0d7444739561476c9e0ddd9d5f7bbbfaebc7d1b855d1fd5df1714e6ecd11

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5t5NQS\prefs-1.js

MD5 b6a08428c9e416b8ee156370a76b5558
SHA1 3da0c43cc008564d1c0b15acc19ddf27fe160f99
SHA256 12bca30c09f76429d44457f0870a669d0b4a87d8dfb097c7b3a01ef31d51e9b7
SHA512 34028ea9c0fc6d197abff7ab0592b48c6dc234aa557159ed39f240b48671da1b87793be29c6e16ca62881ae990f3220f24ed50e5272cc6addaea9544e67f3b23

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5t5NQS\storage-sync-v2.sqlite

MD5 bff4d6361e4126d963ab7dffdc7550ce
SHA1 e2660c2f00b0aef4a81972c6a6093935d5aa40d5
SHA256 ad0828e5ff9d4188151772cd9af85827a431d122901486590c5734b62b4af2d2
SHA512 8d967c085d343d50a76cf14e88ed2fb742a7195034ddbaacd57d2c47abf0218a5f6878528a8f37c8f3b61496f61b5e254d205003af87a3cf156ba12ea59f65bc

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5t5NQS\content-prefs.sqlite

MD5 b15425d1f21f5708184e35493e63c8a1
SHA1 e944c1fdf56a3f6a5150b77980e89d48c7b57be2
SHA256 7a9012d1846763fe9dcb059035972a023ec29f2b9c03f865f0a6f6df6ef2a6c0
SHA512 6b54e30e0a060261bdac98ef818d1053fbabf0d6b8a17efc729942729ed6e6dddb29063b079ddb1dcd1b4edfc85a0311cf821b4b3291372c834a00733456423f

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile5t5NQS\prefs-1.js

MD5 e1a426ebbde96de038a7a1e018cb92dd
SHA1 1b88bad17f391d3957cc35379f6039b329a2bad0
SHA256 02a7de8a4c5fb620d37d7daefd80add5e257f389c5f88b76559fb04346dde770
SHA512 33fdce8785f4a6a518aa5f0674efa8eb96f6d83f4aecfb713316c9b1e4765d0c1a6925dd5e557f64ccaef14c6237011898b54a84d7a83cdeec8d6ab244ed586e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1eErer\datareporting\glean\db\data.safe.tmp

MD5 1c3c58f7838dde7f753614d170f110fc
SHA1 c17e5a486cecaddd6ced7217d298306850a87f48
SHA256 81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d
SHA512 9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1eErer\prefs-1.js

MD5 9c7d4bbb61bd48893257fc2f378487d6
SHA1 a3cc14e3d34f72e5b0b732f9c3b822ec0501d525
SHA256 70e002c4496bc541d2061a6e499b2cf8b6a7c835be5d938630e21491531533ea
SHA512 88e388607562112af6ee510de98e4d02ba0e67d8f67fa9fcf81d4950e8c6983b2850c561a717edd0d2d2999fe08e52c3885abc61368dc62c2607c132641d7974

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1eErer\prefs-1.js

MD5 8a90f5eb16e8370a104a7325056ae46a
SHA1 53ff794d3e6169ab820001df0d76a0cd0ee8a763
SHA256 66c7228eff07c6580d596d47a80f40ece8eac9659c17e88f8ebc98d181659bde
SHA512 309bfb63e2efa3dea7f4c1d29a2e59f7fbfb8d7ca9c797d07fb94d6f8fcb7fc65386ea9c964939699d24010d326f6b97a1352cab502f950119c222c1c0f1b6b0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile1eErer\datareporting\glean\db\data.safe.tmp

MD5 63b1bb87284efe954e1c3ae390e7ee44
SHA1 75b297779e1e2a8009276dd8df4507eb57e4e179
SHA256 b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a
SHA512 f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletuYca9\prefs-1.js

MD5 03bac05ef304c668c9b89bcf35786218
SHA1 3deb73c74899958394b0b4d572e2ce4ff40f84f7
SHA256 fecdf8a06869f606960537626cbc94e360e39532c409de843bb6c01028d15f7d
SHA512 24b60b0efec47a6e68cd5f71b50be85973a521fc21c8e1296b4c9dc637e431c7476576b2f6edb8612e768ffc8ec5a4d015a46d2020d2c47950523189ee47c178

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletuYca9\prefs-1.js

MD5 42eed2d7e5a62f6f74a9f13dd5a7e554
SHA1 61ad8d63ec45b306b46fcdb054dca76d119e26fb
SHA256 34eb3a796addb7ea103ae9aa94d6164859092a124b81889c50ae85bd6d5bead6
SHA512 579d1fc543c8e18880632cfa9a290d67ec1b75eede3010efc3f23f060036f10a9f4de30966f8bd2b00b6521dac922d04ee0bf7054e9fc407d7bc0d53da864737