Malware Analysis Report

2025-06-15 20:36

Sample ID 240509-cckj5scb21
Target heavy.exe
SHA256 88093c75834d60df3b4b6f4df642bb28dc749f4bd562f587fa8f9e30e97d3c5c
Tags
evasion ransomware trojan pyinstaller
score
9/10

Analysis Overview

score
9/10

SHA256

88093c75834d60df3b4b6f4df642bb28dc749f4bd562f587fa8f9e30e97d3c5c

Threat Level: Likely malicious

The file heavy.exe was found to be: Likely malicious.

Malicious Activity Summary

evasion ransomware trojan pyinstaller

Renames multiple (57) files with added filename extension

Executes dropped EXE

Loads dropped DLL

Checks computer location settings

Checks whether UAC is enabled

Enumerates physical storage devices

Unsigned PE

Detects Pyinstaller

Checks processor information in registry

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-09 01:57

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-09 01:55

Reported

2024-05-09 02:08

Platform

win11-20240419-en

Max time kernel

300s

Max time network

309s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Renames multiple (57) files with added filename extension

ransomware

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41882\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4188 wrote to memory of 5040 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 5040 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 5040 wrote to memory of 4616 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 2444 wrote to memory of 1052 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 5040 wrote to memory of 1640 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI41882\geckodriver.exe
PID 1640 wrote to memory of 1552 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41882\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe
PID 1552 wrote to memory of 920 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe
PID 920 wrote to memory of 760 N/A C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI41882\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI41882\geckodriver.exe --port 50001 --websocket-port 50002

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50002 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile0V7Cnz

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50002 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile0V7Cnz

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="920.0.1840142017\571638688" -parentBuildID 20240416150000 -prefsHandle 1752 -prefMapHandle 1744 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {28161c23-0680-41d5-885a-b4729510f32b} 920 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="920.1.2039104283\1189343839" -childID 1 -isForBrowser -prefsHandle 2736 -prefMapHandle 2804 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1348 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {d2dae577-1cac-4aa6-bc7d-1ae78f2eb32f} 920 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="920.2.1538561958\1316585974" -childID 2 -isForBrowser -prefsHandle 3144 -prefMapHandle 3140 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1348 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {4258ebf4-4791-4917-a9f7-999f5dbd6e5b} 920 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="920.3.1436716642\230937442" -childID 3 -isForBrowser -prefsHandle 3308 -prefMapHandle 3564 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1348 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {d1c0ecc5-a0d4-41d9-bfad-28e9db383aa8} 920 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="920.4.58054641\347551150" -childID 4 -isForBrowser -prefsHandle 3804 -prefMapHandle 3308 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1348 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {90e4c2e8-4ee6-433d-a894-a7ffe2ee7b6b} 920 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="920.5.1349134125\1454159921" -childID 5 -isForBrowser -prefsHandle 3900 -prefMapHandle 3500 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1348 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {58754069-1f32-46e1-ae05-e9e8992a09d5} 920 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="920.6.1581191357\1181635219" -childID 6 -isForBrowser -prefsHandle 3212 -prefMapHandle 3216 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1348 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {3b078089-0c52-4797-ba98-fca11447ce60} 920 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="920.7.147423507\2106379699" -childID 7 -isForBrowser -prefsHandle 4480 -prefMapHandle 3456 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1348 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {4687e3b8-6714-4bdf-ab18-0af5a09685a6} 920 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI41882\geckodriver.exe --port 50001 --websocket-port 50002

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50002 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilevzERd7

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50002 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilevzERd7

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.0.311078882\1940943878" -parentBuildID 20240416150000 -prefsHandle 1764 -prefMapHandle 1756 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {0c1990d7-7475-4a0b-b98c-f15284493f82} 2936 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.1.209031582\618838504" -childID 1 -isForBrowser -prefsHandle 2520 -prefMapHandle 2684 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {5ed56cc4-f79b-4a19-9593-f2baa64f881b} 2936 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.2.121442720\1281776896" -childID 2 -isForBrowser -prefsHandle 3120 -prefMapHandle 3116 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {191ad50e-6d2d-4608-8445-578f1b142446} 2936 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.3.372002211\1298533943" -childID 3 -isForBrowser -prefsHandle 3448 -prefMapHandle 3732 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {4f7fe593-95fd-4358-8258-5e78999b6d43} 2936 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.4.407390618\276199030" -childID 4 -isForBrowser -prefsHandle 3748 -prefMapHandle 3744 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {2e76fd02-f4d6-4f97-942d-b4a8265b02af} 2936 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.5.2082435092\1033323669" -childID 5 -isForBrowser -prefsHandle 3416 -prefMapHandle 3248 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {b69e9248-5381-4814-a293-15a6cb3b09b4} 2936 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="2936.6.802884053\282834345" -childID 6 -isForBrowser -prefsHandle 4036 -prefMapHandle 4040 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {bbdf0f27-c6c7-461d-a54a-ac1fcfc7ce73} 2936 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI41882\geckodriver.exe --port 50001 --websocket-port 50002

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50002 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSOiQVM

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50002 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSOiQVM

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="1636.0.1001276218\1691219316" -parentBuildID 20240416150000 -prefsHandle 1712 -prefMapHandle 1704 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {6be21ba7-1aba-4512-9640-d77e68233b05} 1636 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="1636.1.445692903\1626637639" -childID 1 -isForBrowser -prefsHandle 2672 -prefMapHandle 2760 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {ed67e54b-c077-4742-8eb4-97abd1e9595a} 1636 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="1636.2.417320421\1922776746" -childID 2 -isForBrowser -prefsHandle 3096 -prefMapHandle 3092 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {b66b6960-79d3-4e09-bb4e-60eb79264afa} 1636 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="1636.3.1234061867\2119238421" -childID 3 -isForBrowser -prefsHandle 3628 -prefMapHandle 3620 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {3f2f7eff-bd0f-465c-9910-bc01650c19b8} 1636 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="1636.4.1935903965\1299108562" -childID 4 -isForBrowser -prefsHandle 3204 -prefMapHandle 3188 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {e9a958ea-1fd2-44af-9765-bde6ae722a20} 1636 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="1636.5.673820399\193962525" -childID 5 -isForBrowser -prefsHandle 3416 -prefMapHandle 2640 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {bbce7666-1303-48d0-9c05-300d16ce4696} 1636 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="1636.6.663767307\11376749" -childID 6 -isForBrowser -prefsHandle 4088 -prefMapHandle 4084 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {2236d099-da34-4d6b-8862-ad3604fd78e3} 1636 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="1636.7.46477533\600837112" -childID 7 -isForBrowser -prefsHandle 4320 -prefMapHandle 4304 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1292 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {16553985-9acb-4328-8240-1b4d4736615c} 1636 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI41882\geckodriver.exe --port 50001 --websocket-port 50002

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50002 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebU0Gwe

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50002 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebU0Gwe

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="3736.0.1689230090\515559363" -parentBuildID 20240416150000 -prefsHandle 1668 -prefMapHandle 1660 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {65f4a6a6-d313-435b-8135-9b0dd32fe959} 3736 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="3736.1.1288733832\1746220313" -childID 1 -isForBrowser -prefsHandle 2712 -prefMapHandle 2496 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {941d850d-28ef-4844-a758-b8d4e4c81fd9} 3736 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="3736.2.1138756084\1773452534" -childID 2 -isForBrowser -prefsHandle 3100 -prefMapHandle 3096 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {973e317d-8d54-4ffc-a2e9-5b53dd9b47fc} 3736 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="3736.3.645844959\2057135125" -childID 3 -isForBrowser -prefsHandle 2776 -prefMapHandle 3088 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {22abc1f0-fa44-45c6-9756-9c341eaecf78} 3736 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="3736.4.1231183123\435084082" -childID 4 -isForBrowser -prefsHandle 3392 -prefMapHandle 3556 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {54cae3e9-d0e3-44e4-9891-ed8c9dd8a297} 3736 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="3736.5.1873224372\1276564951" -childID 5 -isForBrowser -prefsHandle 3476 -prefMapHandle 3348 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {e340443f-ed92-4908-92b8-8b89e1434689} 3736 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="3736.6.2025970926\1750159960" -childID 6 -isForBrowser -prefsHandle 3952 -prefMapHandle 3956 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {358a3ca2-a2b0-446c-9023-bf98784a29b6} 3736 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="3736.7.880394378\63557548" -childID 7 -isForBrowser -prefsHandle 3904 -prefMapHandle 4156 -prefsLen 25367 -prefMapSize 245849 -jsInitHandle 1296 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {3cfbf8f1-6c58-429d-a1b0-efbf7528e373} 3736 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI41882\geckodriver.exe --port 50001 --websocket-port 50002

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50002 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile76VECd

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50002 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile76VECd

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="3728.0.270544225\495742229" -parentBuildID 20240416150000 -prefsHandle 1720 -prefMapHandle 1712 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {9374ea90-3f56-4213-8f1f-4c60c5a7f64d} 3728 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="3728.1.217667382\1099471457" -childID 1 -isForBrowser -prefsHandle 2824 -prefMapHandle 2832 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1356 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {a617cb89-784e-4759-a0b2-a18dcae26800} 3728 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="3728.2.1985116147\63266525" -childID 2 -isForBrowser -prefsHandle 3092 -prefMapHandle 3088 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1356 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {e0e23fa6-9a31-4244-a7c2-d8b31cedbd3f} 3728 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="3728.3.2043648445\1341201875" -childID 3 -isForBrowser -prefsHandle 3508 -prefMapHandle 3632 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1356 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {9dc06789-3555-45d8-9f14-c44873171723} 3728 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="3728.4.1397397120\40023965" -childID 4 -isForBrowser -prefsHandle 3368 -prefMapHandle 3276 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1356 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {693d4e53-f30c-4460-904d-1bf3f2b593bd} 3728 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="3728.5.1560140053\1603824362" -childID 5 -isForBrowser -prefsHandle 3836 -prefMapHandle 3840 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1356 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {07fb336d-bf80-47c8-b3ab-f99faa3510fd} 3728 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="3728.6.1870649427\964883668" -childID 6 -isForBrowser -prefsHandle 3892 -prefMapHandle 3896 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1356 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {b09f84cc-7c20-4d39-be74-4a3c8fda4bd3} 3728 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="3728.7.650277159\2013222901" -childID 7 -isForBrowser -prefsHandle 4480 -prefMapHandle 4568 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1356 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {5b2c118c-e9d3-4747-b498-cb86c3503cf2} 3728 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI41882\geckodriver.exe --port 50001 --websocket-port 50002

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50002 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile98NQoC

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50002 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile98NQoC

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="1580.0.1720071217\161213196" -parentBuildID 20240416150000 -prefsHandle 1724 -prefMapHandle 1696 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {0ca7b50a-76e9-4a7e-b4ba-0740a2c112f8} 1580 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="1580.1.47384856\2090710581" -childID 1 -isForBrowser -prefsHandle 2292 -prefMapHandle 2436 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {b29ce905-3d7f-45b2-99d4-b13d9a80ab3d} 1580 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="1580.2.1066135563\316054591" -childID 2 -isForBrowser -prefsHandle 3052 -prefMapHandle 3048 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {a2f76b40-4ec3-4fe6-8a68-8b32e5352dac} 1580 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="1580.3.812115335\18916467" -childID 3 -isForBrowser -prefsHandle 3492 -prefMapHandle 3476 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {f01fde3f-c86e-4b6e-81be-f77f209ffd89} 1580 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="1580.4.877057880\1427612171" -childID 4 -isForBrowser -prefsHandle 3176 -prefMapHandle 3172 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {4ab9d441-57ac-4a64-9b88-994f76889c57} 1580 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="1580.5.116153865\1455026666" -childID 5 -isForBrowser -prefsHandle 3760 -prefMapHandle 3756 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {997e1135-7177-4eb5-a172-c3025790c646} 1580 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="1580.6.1024431158\1074960915" -childID 6 -isForBrowser -prefsHandle 4012 -prefMapHandle 4008 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {5db474e1-7295-4005-ba43-392b34c97e22} 1580 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="1580.7.2140010623\1413478309" -childID 7 -isForBrowser -prefsHandle 4580 -prefMapHandle 4292 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {0f99cb23-b061-424d-b8b4-e3c8bc9711ad} 1580 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI41882\geckodriver.exe --port 50001 --websocket-port 50002

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50002 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileBKDP76

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50002 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileBKDP76

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="1576.0.1616318570\2132402292" -parentBuildID 20240416150000 -prefsHandle 1708 -prefMapHandle 1700 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {d5d54fb4-30fc-4871-945a-ad1273905c2e} 1576 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="1576.1.1825589629\1720862996" -childID 1 -isForBrowser -prefsHandle 2420 -prefMapHandle 2272 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {44725639-c4c8-4a98-850c-b9e27729090d} 1576 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="1576.2.1208028021\2089827105" -childID 2 -isForBrowser -prefsHandle 2972 -prefMapHandle 2976 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {6b8f7138-2b10-4e03-ade0-2f48efeec0ec} 1576 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="1576.3.1433391957\1033122602" -childID 3 -isForBrowser -prefsHandle 3464 -prefMapHandle 3368 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {7a109162-2c14-4962-8ad7-e7cf468ee213} 1576 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="1576.4.1836300986\887373454" -childID 4 -isForBrowser -prefsHandle 3164 -prefMapHandle 3240 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {54d85fa9-cdb6-4f32-aec6-19eebb3550cb} 1576 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="1576.5.2111072478\365166389" -childID 5 -isForBrowser -prefsHandle 3820 -prefMapHandle 3824 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {a8e45519-f6b7-4442-972e-855da984b57b} 1576 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="1576.6.1839321083\598565391" -childID 6 -isForBrowser -prefsHandle 4040 -prefMapHandle 4036 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {cb0f0e1d-7935-4bb9-a90e-4b369b96f2b9} 1576 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="1576.7.901139112\1241908278" -childID 7 -isForBrowser -prefsHandle 4328 -prefMapHandle 2388 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {e745bae9-2a85-4341-9d7e-41c23e940927} 1576 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="1576.8.586113634\480529299" -parentBuildID 20240416150000 -prefsHandle 4772 -prefMapHandle 4768 -prefsLen 27362 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {11d02cd2-abe7-4dd3-92ad-bf32004ec8db} 1576 rdd

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="1576.9.272033501\593910810" -parentBuildID 20240416150000 -sandboxingKind 1 -prefsHandle 4788 -prefMapHandle 4800 -prefsLen 27362 -prefMapSize 245849 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {6ad3eaec-7c1d-4d7d-a36f-db0f5fdb6560} 1576 utility

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="1576.10.678230924\908122833" -childID 8 -isForBrowser -prefsHandle 8956 -prefMapHandle 4540 -prefsLen 25287 -prefMapSize 245849 -jsInitHandle 1276 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {91d9cc7c-555a-454e-9ec3-48a3487f6428} 1576 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI41882\geckodriver.exe --port 50001 --websocket-port 50002

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50002 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYfPm9O

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50002 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileYfPm9O

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="4744.0.1034021345\339385517" -parentBuildID 20240416150000 -prefsHandle 1692 -prefMapHandle 1684 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {a20ee371-1f3c-4a13-a7b6-1e3c3f4cf8f9} 4744 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="4744.1.1298305370\1269061418" -childID 1 -isForBrowser -prefsHandle 2580 -prefMapHandle 2700 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {6d22ff32-d013-4417-84cd-b7a9c33fac88} 4744 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="4744.2.2073096322\31074149" -childID 2 -isForBrowser -prefsHandle 3200 -prefMapHandle 3196 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {3baf1a45-90d8-4fa4-8ded-8b7fdb29aa43} 4744 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="4744.3.1565843419\691468168" -childID 3 -isForBrowser -prefsHandle 3464 -prefMapHandle 3660 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {6ff43ad3-ed6e-4842-938b-89368d84402b} 4744 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="4744.4.1080306124\1797082399" -childID 4 -isForBrowser -prefsHandle 3140 -prefMapHandle 3144 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {27ed664a-b067-4362-8fba-ba27cdf43fef} 4744 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="4744.5.2081122783\1126848692" -childID 5 -isForBrowser -prefsHandle 3656 -prefMapHandle 3204 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {360cbd70-a6b4-45ba-9371-b533a579c81b} 4744 tab

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe" -contentproc --channel="4744.6.1400209907\1462195956" -childID 6 -isForBrowser -prefsHandle 3900 -prefMapHandle 3904 -prefsLen 25194 -prefMapSize 245849 -jsInitHandle 1316 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\browser" - {9e6cf014-cefa-4b58-98a6-a2bc59dacd0b} 4744 tab

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Temp\_MEI41882\python38.dll

C:\Users\Admin\AppData\Local\Temp\_MEI41882\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI41882\base_library.zip

C:\Users\Admin\AppData\Local\Temp\_MEI41882\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI41882\libffi-7.dll

C:\Users\Admin\AppData\Local\Temp\_MEI41882\_bz2.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI41882\_lzma.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI41882\_ssl.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI41882\_socket.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI41882\_queue.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI41882\_hashlib.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI41882\top-1m.csv

C:\Users\Admin\AppData\Local\Temp\_MEI41882\mozglue.dll

C:\Users\Admin\AppData\Local\Temp\_MEI41882\lgpllibs.dll

C:\Users\Admin\AppData\Local\Temp\_MEI41882\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI41882\select.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI41882\pyexpat.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI41882\nss3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI41882\mozavutil.dll

C:\Users\Admin\AppData\Local\Temp\_MEI41882\libssl-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI41882\libcrypto-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI41882\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\TorBrowser\Tor\tor.exe

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

C:\Users\Admin\AppData\Local\Temp\tmpdwhwgatp\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI41882\Tor Browser\Browser\firefox.exe

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile0V7Cnz\prefs.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile0V7Cnz\extensions.json

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile0V7Cnz\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilevzERd7\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilevzERd7\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilevzERd7\startupCache\webext.sc.lz4

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilevzERd7\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilevzERd7\xulstore.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSOiQVM\user.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSOiQVM\prefs.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSOiQVM\broadcast-listeners.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileSOiQVM\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebU0Gwe\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebU0Gwe\startupCache\scriptCache-child-new.bin

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebU0Gwe\prefs.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilebU0Gwe\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile76VECd\compatibility.ini

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile76VECd\WebDriverBiDiServer.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile76VECd\prefs.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile76VECd\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile76VECd\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile76VECd\content-prefs.sqlite

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile76VECd\storage-sync-v2.sqlite

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile98NQoC\prefs.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile98NQoC\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile98NQoC\sessionCheckpoints.json.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileBKDP76\prefs.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileBKDP76\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileBKDP76\datareporting\glean\db\data.safe.tmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-09 01:55

Reported

2024-05-09 02:08

Platform

win7-20240220-en

Max time kernel

299s

Max time network

309s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19842\geckodriver.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19842\geckodriver.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1984 wrote to memory of 1088 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 1088 wrote to memory of 1156 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 1088 wrote to memory of 380 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 1156 wrote to memory of 408 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 1088 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI19842\geckodriver.exe
PID 2496 wrote to memory of 1584 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19842\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe
PID 1584 wrote to memory of 776 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe
PID 776 wrote to memory of 1572 N/A C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI19842\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI19842\geckodriver.exe --port 49467 --websocket-port 49468

C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilew8deOb

C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilew8deOb

C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe" -contentproc --channel="776.0.1776818373\182011733" -parentBuildID 20240416150000 -prefsHandle 1220 -prefMapHandle 1212 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\browser" - {7682f5b6-9c83-403d-b575-fd1dfda919c7} 776 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe" -contentproc --channel="776.1.1587832737\468619826" -childID 1 -isForBrowser -prefsHandle 1624 -prefMapHandle 968 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 904 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\browser" - {7e2e8b19-f4ec-45a4-82cc-7aeecd524002} 776 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe" -contentproc --channel="776.2.2080321260\136294061" -childID 2 -isForBrowser -prefsHandle 2184 -prefMapHandle 1988 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 904 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\browser" - {64cf3ec4-04ca-43c9-93ba-685961a71155} 776 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe" -contentproc --channel="776.3.1375764868\482636596" -childID 3 -isForBrowser -prefsHandle 2228 -prefMapHandle 2392 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 904 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\browser" - {672ae823-9ef3-4842-a27b-165321b8632b} 776 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe" -contentproc --channel="776.4.1320371243\1612765521" -childID 4 -isForBrowser -prefsHandle 1084 -prefMapHandle 1080 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 904 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\browser" - {43ce8a05-8007-4cd5-9be7-f0b1c121be33} 776 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe" -contentproc --channel="776.5.165316483\2125707497" -childID 5 -isForBrowser -prefsHandle 2964 -prefMapHandle 2968 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 904 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\browser" - {4ec60a65-c125-471f-b18f-e98ec3ea94d8} 776 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe" -contentproc --channel="776.6.231127471\830720576" -childID 6 -isForBrowser -prefsHandle 3124 -prefMapHandle 3128 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 904 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\browser" - {668b12e5-d8cd-4b7a-af70-2d39638696a0} 776 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19842\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI19842\geckodriver.exe --port 49467 --websocket-port 49468

C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileqSRmND

C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileqSRmND

C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe" -contentproc --channel="1592.0.1577112175\1302596511" -parentBuildID 20240416150000 -prefsHandle 1204 -prefMapHandle 1196 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\browser" - {d1ec6adc-684c-4703-86e3-3d409d385c71} 1592 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe" -contentproc --channel="1592.1.1248884614\2025123489" -childID 1 -isForBrowser -prefsHandle 1528 -prefMapHandle 1732 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 860 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\browser" - {c39079f3-1707-46c3-ac59-109edbf6a7c4} 1592 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe" -contentproc --channel="1592.2.2060430938\1056512051" -childID 2 -isForBrowser -prefsHandle 2232 -prefMapHandle 2228 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 860 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\browser" - {cc624a76-adca-4aa9-bc12-952d460fa7d4} 1592 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe" -contentproc --channel="1592.3.1056039294\1123548293" -childID 3 -isForBrowser -prefsHandle 2572 -prefMapHandle 2576 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 860 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\browser" - {34a677fa-d95d-4f59-873f-ee412280887b} 1592 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe" -contentproc --channel="1592.4.1230516409\715870133" -childID 4 -isForBrowser -prefsHandle 2764 -prefMapHandle 2768 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 860 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\browser" - {803cca08-d857-4fad-8bc9-ed142c2611c1} 1592 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe" -contentproc --channel="1592.5.2043855539\2043038846" -childID 5 -isForBrowser -prefsHandle 2888 -prefMapHandle 2892 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 860 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\browser" - {43c8c21b-b269-48fc-8cf8-2687dfb1f72c} 1592 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe" -contentproc --channel="1592.6.2009959846\1523875713" -childID 6 -isForBrowser -prefsHandle 3044 -prefMapHandle 3048 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 860 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\browser" - {47f93cd4-92e9-475e-aad3-41d67ffb9dd5} 1592 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe" -contentproc --channel="1592.7.2034326552\1459530999" -childID 7 -isForBrowser -prefsHandle 3264 -prefMapHandle 3276 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 860 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\browser" - {3079f80e-7621-4059-969a-3f3a2ae2b3a0} 1592 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19842\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI19842\geckodriver.exe --port 49467 --websocket-port 49468

C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileAljGwG

C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileAljGwG

C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe" -contentproc --channel="2064.0.1596049652\1984619035" -parentBuildID 20240416150000 -prefsHandle 1232 -prefMapHandle 1212 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\browser" - {bbad8e3d-2f3b-4c34-9e80-e763c2597ec2} 2064 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe" -contentproc --channel="2064.1.2001147608\337663569" -childID 1 -isForBrowser -prefsHandle 2092 -prefMapHandle 1144 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 836 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\browser" - {ecde56cc-6f59-49a2-89d7-d8333b2ed81b} 2064 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe" -contentproc --channel="2064.2.1510529678\1774656140" -childID 2 -isForBrowser -prefsHandle 2044 -prefMapHandle 2040 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 836 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\browser" - {efc4f4c5-9a40-43a0-86d8-501cf7809311} 2064 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe" -contentproc --channel="2064.3.1744033015\1189620756" -childID 3 -isForBrowser -prefsHandle 2608 -prefMapHandle 2588 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 836 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\browser" - {ed0cfdfe-d698-41d8-a20b-69b0d3eee586} 2064 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe" -contentproc --channel="2064.4.1927852789\527727952" -childID 4 -isForBrowser -prefsHandle 840 -prefMapHandle 1040 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 836 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\browser" - {5fe3c0c7-6fa7-4842-aeb3-7bac36ef62b4} 2064 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe" -contentproc --channel="2064.5.1873342331\1681432107" -childID 5 -isForBrowser -prefsHandle 2916 -prefMapHandle 2920 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 836 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\browser" - {47c346c7-e769-410c-9b79-5dac4b3a4493} 2064 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe" -contentproc --channel="2064.6.645703883\383315250" -childID 6 -isForBrowser -prefsHandle 3012 -prefMapHandle 3016 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 836 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\browser" - {26d7332e-ec00-4c8b-ab04-dbde2e8f9acb} 2064 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe" -contentproc --channel="2064.7.1325815727\169988504" -childID 7 -isForBrowser -prefsHandle 2100 -prefMapHandle 3432 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 836 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\browser" - {6569d72a-07e1-4812-92db-d827b4d71a18} 2064 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19842\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI19842\geckodriver.exe --port 49467 --websocket-port 49468

C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileEo9K7i

C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileEo9K7i

C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe" -contentproc --channel="816.0.725551495\448285942" -parentBuildID 20240416150000 -prefsHandle 1208 -prefMapHandle 1200 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\browser" - {9ff433d0-f6a3-4b75-a107-8129ab93407f} 816 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe" -contentproc --channel="816.1.924248001\718670178" -childID 1 -isForBrowser -prefsHandle 2172 -prefMapHandle 1944 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 800 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\browser" - {1c4729b9-623d-411c-bbca-17f7e82e5d67} 816 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe" -contentproc --channel="816.2.1627576252\650609700" -childID 2 -isForBrowser -prefsHandle 2328 -prefMapHandle 2324 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 800 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\browser" - {f584204b-17d0-4d6d-b8e0-bb131a3bec4f} 816 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe" -contentproc --channel="816.3.1838512983\410233903" -childID 3 -isForBrowser -prefsHandle 2472 -prefMapHandle 2332 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 800 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\browser" - {a9aed9d6-e3d3-48de-9575-adf6b372d7e9} 816 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe" -contentproc --channel="816.4.1886785190\1456201524" -childID 4 -isForBrowser -prefsHandle 2808 -prefMapHandle 2804 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 800 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\browser" - {1049931b-150b-4e28-9119-fca65bddc668} 816 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe" -contentproc --channel="816.5.1420314969\859977172" -childID 5 -isForBrowser -prefsHandle 2928 -prefMapHandle 2932 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 800 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\browser" - {e7540328-be33-4ba8-bb11-d48f6afc87dc} 816 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe" -contentproc --channel="816.6.917751720\406166055" -childID 6 -isForBrowser -prefsHandle 3088 -prefMapHandle 3092 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 800 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\browser" - {5242e7b9-9a49-4385-a5b4-1abea4fd010a} 816 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe" -contentproc --channel="816.7.1557808575\2145757112" -childID 7 -isForBrowser -prefsHandle 2608 -prefMapHandle 2636 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 800 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\browser" - {bb8988c8-5a02-4687-8db2-1d35ddbbd6b1} 816 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19842\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI19842\geckodriver.exe --port 49467 --websocket-port 49468

C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3iYTjr

C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49468 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3iYTjr

C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe" -contentproc --channel="868.0.1694619613\1201321305" -parentBuildID 20240416150000 -prefsHandle 1256 -prefMapHandle 1236 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\browser" - {8545c473-30bb-47e6-aefc-a8ce855ed8b7} 868 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe" -contentproc --channel="868.1.124542469\1585559514" -childID 1 -isForBrowser -prefsHandle 1804 -prefMapHandle 2172 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 812 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\browser" - {7309b862-9d1b-4723-806b-c452bc5724f0} 868 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe" -contentproc --channel="868.2.1272799704\728511173" -childID 2 -isForBrowser -prefsHandle 2420 -prefMapHandle 2428 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 812 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\browser" - {bc95f775-5927-44bb-94ea-4ff0200df893} 868 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe" -contentproc --channel="868.3.104171380\926527429" -childID 3 -isForBrowser -prefsHandle 2348 -prefMapHandle 2468 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 812 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\browser" - {fd112f7b-9ff6-431b-b92d-90a4d7339f71} 868 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe" -contentproc --channel="868.4.2091549374\1189868245" -childID 4 -isForBrowser -prefsHandle 2752 -prefMapHandle 1112 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 812 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\browser" - {09b9fbf4-c48e-4b8f-82cd-63327475ba52} 868 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe" -contentproc --channel="868.5.1916510307\909196379" -childID 5 -isForBrowser -prefsHandle 2872 -prefMapHandle 2876 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 812 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\browser" - {1604f57c-b288-4ec5-ab9b-902f43104d9d} 868 tab

C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\firefox.exe" -contentproc --channel="868.6.192691494\1023358411" -childID 6 -isForBrowser -prefsHandle 3028 -prefMapHandle 3032 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 812 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\browser" - {687ce478-9310-4397-80af-f027a1c4bc42} 868 tab

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Temp\_MEI19842\python38.dll


C:\Users\Admin\AppData\Local\Temp\_MEI19842\base_library.zip


C:\Users\Admin\AppData\Local\Temp\_MEI19842\unicodedata.pyd


\Users\Admin\AppData\Local\Temp\_MEI19842\_hashlib.pyd


\Users\Admin\AppData\Local\Temp\_MEI19842\libssl-1_1.dll


C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json


C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json


C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2


C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2


\Users\Admin\AppData\Local\Temp\_MEI19842\geckodriver.exe


C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json


C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4


C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js


C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json


C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json


C:\Users\Admin\AppData\Local\Temp\tmpmow4sg2i\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi


C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json


C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin


C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite


C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json


C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini


C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4


C:\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\TorBrowser\Tor\tor.exe


\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\TorBrowser\Tor\tor.exe


\Users\Admin\AppData\Local\Temp\_MEI19842\Tor Browser\Browser\TorBrowser\Tor\tor.exe


\Users\Admin\AppData\Local\Temp\_MEI19842\_queue.pyd


\Users\Admin\AppData\Local\Temp\_MEI19842\_ssl.pyd


\Users\Admin\AppData\Local\Temp\_MEI19842\select.pyd


\Users\Admin\AppData\Local\Temp\_MEI19842\_socket.pyd


\Users\Admin\AppData\Local\Temp\_MEI19842\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

C:\Users\Admin\AppData\Local\Temp\_MEI19842\top-1m.csv

MD5 7cf43e1f8f6fe3ea55d9c6e691499b17
SHA1 a2c3a46330aa9303f28a10f636a334481135b812
SHA256 c6207f7e5e4a59f72aff40f167c03f9fbd1d3d0a1dad1429258751a38ac571e6
SHA512 4d789f6f602e2d1d54d365e3b1f7b298fba5b092689c0059d9b2260452d2b824c0b96e25b09bef63f7a86c08a632a3498fa74b63f71c8ec2904e2430ac37c34d

C:\Users\Admin\AppData\Local\Temp\_MEI19842\pyexpat.pyd

MD5 2ae23047648257afa90d0ca96811979f
SHA1 0833cf7ccae477faa4656c74d593d0f59844cadd
SHA256 5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95
SHA512 13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

C:\Users\Admin\AppData\Local\Temp\_MEI19842\nss3.dll

MD5 71747091d34cc634b9ad3c360b45b0a9
SHA1 111cf483836f6a392f64bc9398a327be1c43dfc8
SHA256 6e69c7c93a9d06c34c5f5429813d3763fe7ae4fb09c1dc5b0f0290b2dd8befcf
SHA512 b911fd3b201a84c7663135c2dbf72e2368d68557181f5e1a32be271b0e73181f34990575fba44002fc92bae7d90caf530b7ec9212d3d022b4526906f0c2eb35a

C:\Users\Admin\AppData\Local\Temp\_MEI19842\mozglue.dll

MD5 3e4d1ec1d2a6e85593459601b5a0a828
SHA1 92ee422285282dcb170cbc7808299d14d8d27963
SHA256 eefcf97ee8a298c85c9d4d44bb8747c0cca1ef5922e25000814148fd0fbfb2f5
SHA512 4fe70fdbf8c902497537fbcda6e96373c636521aba2db52e3047abad37a9b857ab1668f203bcdf2815bbe0c485ec751dd6031043f459fd4af968c5d495e44ba4

C:\Users\Admin\AppData\Local\Temp\_MEI19842\mozavutil.dll

MD5 4ecbb73d44518fc2b601a1ac9a38dcad
SHA1 f7c96e85d5b32af8efb784e75164ec4f0c6f4f10
SHA256 7f629ecfd36353139e9b067dc5ba84b411ed74132aef01b4430ccb016af46a52
SHA512 12946996b2bdd87dd08cf046b37ff21dc23ab336c92d2b42cfa2000743c79524205004623b67505294080f60f9b5433005457f8a385e0461cef2cded6aa3d610

C:\Users\Admin\AppData\Local\Temp\_MEI19842\lgpllibs.dll

MD5 726abf1280adf3129481b94b2bc644c4
SHA1 404f69e71296f2d199535e8a6d9fb56707fcbc5f
SHA256 8969747ecb7dfd4a6dcb9150017e14ebbf90ce558f6fb469f6b558d039e9259a
SHA512 160b57aa1a28ff35210cf958fd7821aa2cc1cf6fca1ea38d768fa90111826b096518363b00b6818d21743aefd6bbbfa358fbe2fe3afa95edacb330a747c6e5f3

\Users\Admin\AppData\Local\Temp\_MEI19842\_lzma.pyd

MD5 cf9fd17b1706f3044a8f74f6d398d5f1
SHA1 c5cd0debbde042445b9722a676ff36a0ac3959ad
SHA256 9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4
SHA512 5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

\Users\Admin\AppData\Local\Temp\_MEI19842\_bz2.pyd

MD5 a49c5f406456b79254eb65d015b81088
SHA1 cfc2a2a89c63df52947af3610e4d9b8999399c91
SHA256 ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced
SHA512 bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

\Users\Admin\AppData\Local\Temp\_MEI19842\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

\Users\Admin\AppData\Local\Temp\_MEI19842\_ctypes.pyd

MD5 291a0a9b63bae00a4222a6df71a22023
SHA1 7a6a2aad634ec30e8edb2d2d8d0895c708d84551
SHA256 820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324
SHA512 d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

\Users\Admin\AppData\Local\Temp\_MEI19842\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

\Users\Admin\AppData\Local\Temp\_MEI19842\python38.dll

MD5 26ba25d468a778d37f1a24f4514d9814
SHA1 b64fe169690557656ede3ae50d3c5a197fea6013
SHA256 2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128
SHA512 80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilew8deOb\extensions.json

MD5 0029b95839284a5b1f2acb57a6f5ed81
SHA1 e7b5a33f2a3db66106c6996e1e363c52e98cfb5b
SHA256 a41e622b509400c2ca0cc290e1f778baad0ac683b042b905b16fa2174ca371ac
SHA512 9d1e10a17da349dcc9de67760714fc64d08c46780bc150dbaad65e20420b554f118e996f84d4fd3846994e95a44e6bc85a01a8bc69b431d92d61c505f3419fd1

memory/776-691-0x0000000007A40000-0x0000000007A50000-memory.dmp

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 80e882ce8268212cf4db9fbe44f95336
SHA1 85abc152168a20d8db2c6501aa43a97ea72efc8c
SHA256 32c7fa19bdf922f35368bbda1fd91b30fae89f7e8615c8224901e4e3454ee937
SHA512 eb6fc2086c0c5b1e2207c675e49713961246559ade42f65f5e1d51e6139e503eacceaa57542664f7161dc320df0403d90bc85e499aa2d0f09c4a3d4236920cd5

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 74716425917e6f7bdeb17490aed48b8c
SHA1 d4330821731748383390e706eca6e3aa4c3d8468
SHA256 99c871eebf317d18d13544ed857a0d56a42a2124bae37ab98e0f83bdc9d61dd4
SHA512 98b6059b659192a54db671c24741017ec110b6c0ed1f5e2ff7f4808520031815d2cbd3b00af65531d146c36d039b020b1dfd47634d0d086a8750234ab39ce49e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilew8deOb\prefs-1.js

MD5 0af338ab707c9e5fc9dd4eab101a4b7c
SHA1 63b66a382f17aa32edbd97d92bbb1b7835f2c37c
SHA256 cf372ef6bba5d9eb5ac9c08d5801c0133f2612fae97c64b3b21e9ad0587e8a92
SHA512 a46c92bd2e87021a5ee6b458e8fbb07256978069a91396dd376e7a9bfab03ddec53b58eac1975df6e95cb6232b73a1b5d4b7ecd7f006d7885f16575fb26f56a7

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilew8deOb\prefs-1.js

MD5 cbbde4d75d4a46054434b1e4300a558c
SHA1 8122dc6f8186547523d844327f5ced45c7b6201b
SHA256 4a25a95ae29235d8c708b0e538b3578428b04332ef57624294ce4c3f4daaf958
SHA512 6182f6df6d0019f4724749e5d75375f62261d53142572fc1a2d83ef3d49bee7a682fd0d5ffd1dafdf87b5015c3549d11278a82c00f6b6dbf5ac5cab41a94ad85

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilew8deOb\datareporting\glean\db\data.safe.tmp

MD5 1c3c58f7838dde7f753614d170f110fc
SHA1 c17e5a486cecaddd6ced7217d298306850a87f48
SHA256 81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d
SHA512 9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileqSRmND\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileqSRmND\prefs-1.js

MD5 ece9c1965e3a8b16e2667d4d4ca6d04f
SHA1 88cb585a7f336d6ca4ac3178994931daa56c2f60
SHA256 c6fb8eebd5e281aaa42cdb34c3273d41afa84ab8f40524c99977566710f596cc
SHA512 38abf1227719773f94e9efc7d48c5ee914cd611b46aa22f8327783c0b94a91ffcefcf24aa9547c1d863b697fcb0305a34ee622e9d8737eb062e0500ee8cbc1a6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileqSRmND\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileqSRmND\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileqSRmND\startupCache\webext.sc.lz4

MD5 07e23306a8459f597ef3658103f37ad3
SHA1 a445ff3fd7d4416d1166935e99035c37eab422ec
SHA256 d0fd76f10a9e4b21bb80071eeb8197bedbed297cde1d74e278f8176f546cdba7
SHA512 cd582d9a41ac30761e1537396aa272f766480fbdbbe36c2effcea87542090b3d644fdebb72f155763caa89b1e385698a4269412e3526351f6c0985cbd83a3cfa

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileqSRmND\prefs.js

MD5 614233a73f8fd6ecd89a326dc213f4f4
SHA1 f099c8d8af40cdc4a8331a9b99b1b994bdab2bb1
SHA256 16a14e54dbd7d46a4d0a723bda7f37e65689bdf9b64715c397fa8bddfac5bed8
SHA512 416ae8da730cc9bdeab1556e83a2340874d3c580964e11668f955857b7ad70d6e898fea11962ae331ec5f4bd6b15d6dfe95d4c0542e83c230223273a58357f47

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileqSRmND\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileqSRmND\prefs-1.js

MD5 73223bffcb3135c86c23616b1911ab9a
SHA1 7abbb41816631c079c8d742fa0c40b25c18d853e
SHA256 94312d399fef5ed5cb4801c27d49c40736e660b116c7e22cfe8efbb6b56e3ff6
SHA512 e6a5767f71cf38b6100e954d08409adda622c2328fbc6966f51456bd3d7ba9ac4f5e0b9f0cc8628ef944ef38c54b50ed90b54d8be8ff8e46792e5bc9f073176c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileqSRmND\sessionCheckpoints.json.tmp

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileqSRmND\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileqSRmND\sessionCheckpoints.json

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileqSRmND\xulstore.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileAljGwG\user.js

MD5 736db8c9b955f72129a6644a9c797093
SHA1 59f1c80c407e27ffe85407a82f7b7250c5ee3753
SHA256 668694ca0485bfb77e7049bad327ba3f83534f31c1d50744f227c996eab4097f
SHA512 9916d339304272357ff56976bfcb9fd2d607ccbaa33dc40b88618c9ae31833923d3f2e8288cfc1f0090da90803b5e07404c41182155db2d2345df6f63020f217

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileAljGwG\prefs.js

MD5 995b157cc1ed11723fb44d0517850528
SHA1 b6a537b8fd48443458394e1bd21ca0d3ab9f4700
SHA256 d80afb7622579f1e8f5675cfcb746df56007789231d60b68749a2991020a409e
SHA512 ee5fc262b45c1e6c5575e5c565846cc818e1800db295f2788bd1386a802f54bda641eecfa7a3a34eeef69f789a9173233b63740a6cd5872fff49c2cb7fb529c2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileAljGwG\prefs-1.js

MD5 5c6f99c0ab3da2259b8e5c38bd496357
SHA1 a8fac1c3254d9e152cd7cda881fba3a3b37550f5
SHA256 27e1bf4f6f287b2a79ce8c4a8ef940abbf57eae15a15b56c76ed4dd5cef9a3e0
SHA512 4d88c8da5ea648cedf815c2b84df3b4c70b6af02e27bd3bf60d546f0e5aa34b89fb9d631a9e673fbeae8735f7557941923fb8adc8bb98d9340dfe4aa96fd1eb7

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileAljGwG\startupCache\scriptCache-child-new.bin

MD5 2724d7dd31542eea53805994d9290cd8
SHA1 7b5d8536b060269d79848eaa6e2362333bc0f8ec
SHA256 72f0d983fa1c2017f7402b19caf50305d7bd8001ed4e7797bc3dc0528f3081a1
SHA512 6ea98f95ca46f2b83081b546bf6238de11a829853105233bb29cf9ceeb69ace8c69ae90e94c9b5143f91f05713cfbf82f63265733f6233ecf5acb867758c1ee0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileAljGwG\sessionCheckpoints.json.tmp

MD5 29ce37dc02c78bbe2e5284d350fae004
SHA1 bab97d5908ea6592aef6b46cee1ded6f34693fa2
SHA256 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693
SHA512 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileEo9K7i\datareporting\glean\db\data.safe.tmp

MD5 7fba44cb533472c1e260d1f28892d86b
SHA1 727dce051fc511e000053952d568f77b538107bb
SHA256 14fb5cda1708000576f35c39c15f80a0c653afaf42ed137a3d31678f94b6e8bf
SHA512 1330b0f39614a3af2a6f5e1ea558b3f5451a7af20b6f7a704784b139a0ec17a20c8d7b903424cb8020a003319a3d75794e9fe8bc0aeb39e81721b9b2fdb9e031

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileEo9K7i\prefs-1.js

MD5 d2aa87536d6364d67beee46ddb39f0ac
SHA1 172855cf25b6b5fdd685cf68f6215f837e7550ae
SHA256 e3b2438c28c880eb22892dd1b19a72dccdaf0efe0a5405430b9c0cbcb6c96045
SHA512 ba14a658e2081341073f2e624b54d69569845e1b28b9d4072c4119e7a638beae8b844bfb1fbedb53902e1c51837e15447348ec609da0b4eaacc65f34444bf091

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileEo9K7i\prefs-1.js

MD5 45c1f4962c15bc162e865c5a5bcc24d7
SHA1 79815cf2b0d76811f2135004945d5c7fd60d8406
SHA256 88beed5631b76a5dc11b9ca99413125e42d69064122520d873dd69413b5def86
SHA512 c5b1f57b7e90dccae205771f9dbf80f9d448d04816e57e16c59c84e621081fc7b7b8cac48fd77623a11023ec7db11b8c8a0e77efaa40be0ed9a04356a60fbab6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileEo9K7i\prefs-1.js

MD5 b6104c8a04933e5ca14719ce3278dc5a
SHA1 5ec364825ad072c593dc456c4bea2a1282c27f48
SHA256 420998060a1dd2219040cd6c2d36aa2af2200084d305adf91e0e63ded7fc8df9
SHA512 b2932f90d48c75fbf3a5fdc8bee57e9709ea1a43afd53f85152a358f634125ca24b56ee36c1172ecc9ca7940aebe3cb5372157a3234ba4fa6cfe96d51abde14e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileEo9K7i\datareporting\glean\db\data.safe.tmp

MD5 63b1bb87284efe954e1c3ae390e7ee44
SHA1 75b297779e1e2a8009276dd8df4507eb57e4e179
SHA256 b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a
SHA512 f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3iYTjr\compatibility.ini

MD5 8b1f007d6d12143785e1f9d6c3a0eb6d
SHA1 3602167f057cbeae67d6087952e0626ef2000355
SHA256 8ec5bd55518b2ceb06992fcfbfde48bc017030879788dec7bb510078a7dc65d5
SHA512 0a660411a2df62716b2502828fba4f5dfd8e10e6d16e483f4496b3f98efebd1060543d7a8d57b3e13ca331185f699147d86704148d71e200c2c058f8db6a9ad7

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3iYTjr\WebDriverBiDiServer.json

MD5 588c0fd9303cd517cd8991361ee77d43
SHA1 f0e98d927756b403434bf9779828b202470dadda
SHA256 0c97cca358390c391b821938ce78ee3f21d8791b5ed8366cb37716268b3cca0c
SHA512 fc0efcd87d52f97acc5eea271a8d87917210642231ed3df53c45745a89cb56461da742084ea69c8c0a605c582a7b954ea3a386e09769d2aca6a9a45b08656046

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3iYTjr\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 2f40851801e4c47aae4998477cbd1163
SHA1 428d4e5f67a277129aab0ca51a349f9cb2d9ba48
SHA256 f03fe5aab10f0c9d8381ff0ff457c0f7b542613deaa8a536b8555d79cf3a1bbc
SHA512 ef50f74feb037d821d1e431a424941c41310062a9bd8d01493f4278f03ea3b3969829e88cae1058768c4a460cb5a5c34e4fe2cb63389dc9debb1adfd52f7dd1c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile3iYTjr\prefs-1.js

MD5 a9a70c8266a59c9a036991548e093f3a
SHA1 fb55f3f02177450ea38e5a318362668b96558a9b
SHA256 bbda81a569b5154b799fa22d8b1a3259c9ea9f8a80678cfb55ddd2e55d985060
SHA512 797f4134eb03cb36568e0d902e9463e8aa362ce9bcbd4aec2aad695d66c37166af94cd64401ef4f252f23a48639dfcdcf340a6be3ed450dd367a58903502bf1f

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-09 01:55

Reported

2024-05-09 02:09

Platform

win7-20240221-en

Max time kernel

296s

Max time network

332s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI25042\geckodriver.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI25042\geckodriver.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2504 wrote to memory of 840 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 840 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 840 wrote to memory of 908 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 1996 wrote to memory of 696 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 840 wrote to memory of 2528 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI25042\geckodriver.exe
PID 2528 wrote to memory of 2040 N/A C:\Users\Admin\AppData\Local\Temp\_MEI25042\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\firefox.exe
PID 2040 wrote to memory of 1092 N/A C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\firefox.exe
PID 1092 wrote to memory of 2228 N/A C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI25042\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI25042\geckodriver.exe --port 49479 --websocket-port 49480

C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49480 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileUgfCH2

C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49480 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileUgfCH2

C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\firefox.exe" -contentproc --channel="1092.0.235247914\665085078" -parentBuildID 20240416150000 -prefsHandle 1224 -prefMapHandle 1216 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\browser" - {a62b3806-a829-482b-9fe8-2c81206e7c34} 1092 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\firefox.exe" -contentproc --channel="1092.1.963429328\1898027035" -childID 1 -isForBrowser -prefsHandle 2028 -prefMapHandle 2024 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 828 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\browser" - {72942930-8b5e-402f-ac25-78d517118ece} 1092 tab

C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\firefox.exe" -contentproc --channel="1092.2.376594764\1820987141" -childID 2 -isForBrowser -prefsHandle 2292 -prefMapHandle 2288 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 828 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\browser" - {8a6470aa-d401-4133-9b8a-76a533a9f3a4} 1092 tab

C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\firefox.exe" -contentproc --channel="1092.3.2024054297\1163265547" -childID 3 -isForBrowser -prefsHandle 2720 -prefMapHandle 2724 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 828 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\browser" - {e7d59c5e-76c2-43f4-ab82-5521ead78882} 1092 tab

C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\firefox.exe" -contentproc --channel="1092.4.2034838438\1668502643" -childID 4 -isForBrowser -prefsHandle 2400 -prefMapHandle 2708 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 828 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\browser" - {986133b6-e2b5-447a-8e56-258432db1c9a} 1092 tab

C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\firefox.exe" -contentproc --channel="1092.5.1368463454\1191984713" -childID 5 -isForBrowser -prefsHandle 2844 -prefMapHandle 2848 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 828 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\browser" - {7c995e06-5dbd-4f2a-b286-96d759796a6f} 1092 tab

C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\firefox.exe" -contentproc --channel="1092.6.937571392\1350923677" -childID 6 -isForBrowser -prefsHandle 3000 -prefMapHandle 3004 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 828 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\browser" - {56060fa3-9f2a-415b-8077-5761a677c60d} 1092 tab

C:\Users\Admin\AppData\Local\Temp\_MEI25042\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI25042\geckodriver.exe --port 49479 --websocket-port 49480

C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 49480 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHckUwE

C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 49480 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHckUwE

C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\firefox.exe" -contentproc --channel="1248.0.1557993742\101937402" -parentBuildID 20240416150000 -prefsHandle 1204 -prefMapHandle 1196 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\browser" - {81bcc0ef-81fc-483c-b78b-902cc6c2151b} 1248 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\firefox.exe" -contentproc --channel="1248.1.471441283\141133692" -childID 1 -isForBrowser -prefsHandle 1976 -prefMapHandle 1988 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 860 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\browser" - {5f5d551a-31d7-40d2-87c3-d63060b44424} 1248 tab

C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\firefox.exe" -contentproc --channel="1248.2.404474033\1392634018" -childID 2 -isForBrowser -prefsHandle 2244 -prefMapHandle 2248 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 860 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\browser" - {c64cc3ce-d18b-4f5e-ad4c-8954dd6cb778} 1248 tab

C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\firefox.exe" -contentproc --channel="1248.3.707254796\28626554" -childID 3 -isForBrowser -prefsHandle 2312 -prefMapHandle 2308 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 860 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\browser" - {ae6cd51b-24cb-4559-9a7d-354eeca21763} 1248 tab

C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\firefox.exe" -contentproc --channel="1248.4.19689507\231748889" -childID 4 -isForBrowser -prefsHandle 1092 -prefMapHandle 1084 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 860 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\browser" - {625e5f41-cada-4233-8c13-6a180c2f874d} 1248 tab

C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\firefox.exe" -contentproc --channel="1248.5.926675700\273657876" -childID 5 -isForBrowser -prefsHandle 2952 -prefMapHandle 2796 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 860 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\browser" - {af74d541-ec57-4436-9266-20abf9b28bcf} 1248 tab

C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\firefox.exe" -contentproc --channel="1248.6.306844160\764457696" -childID 6 -isForBrowser -prefsHandle 3004 -prefMapHandle 3012 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 860 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\browser" - {9954e674-97bf-4cd3-b3ba-8a5aee5e033d} 1248 tab

Network

Files

C:\Users\Admin\AppData\Local\Temp\_MEI25042\python38.dll

\Users\Admin\AppData\Local\Temp\_MEI25042\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI25042\base_library.zip

\Users\Admin\AppData\Local\Temp\_MEI25042\libffi-7.dll

\Users\Admin\AppData\Local\Temp\_MEI25042\_lzma.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI25042\_ssl.pyd

\Users\Admin\AppData\Local\Temp\_MEI25042\libcrypto-1_1.dll

\Users\Admin\AppData\Local\Temp\_MEI25042\_hashlib.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI25042\_socket.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI25042\_queue.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI25042\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI25042\top-1m.csv

C:\Users\Admin\AppData\Local\Temp\_MEI25042\select.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI25042\pyexpat.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI25042\nss3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI25042\mozglue.dll

C:\Users\Admin\AppData\Local\Temp\_MEI25042\mozavutil.dll

C:\Users\Admin\AppData\Local\Temp\_MEI25042\libssl-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI25042\lgpllibs.dll

C:\Users\Admin\AppData\Local\Temp\_MEI25042\geckodriver.exe

\Users\Admin\AppData\Local\Temp\_MEI25042\_bz2.pyd

\Users\Admin\AppData\Local\Temp\_MEI25042\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\TorBrowser\Tor\tor.exe

C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

MD5 2eeb46e1c58ff1cce4ac2d4d725b2cc6
SHA1 89aa36e77e51da31fbbfd682a2acc91f6016d275
SHA256 e99e5ee165f2a0d5d39c5cc5a1d994c0534cf7caf8779f314f0e92b2d59d2b6a
SHA512 23d5e39c25375ef4a83713f44615078878253411cd6ca6c4a149de915cd491b328046ddd189a113585361faad6a47ebd6ead31f062681ab25b0f2832a988265e

C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

MD5 e7a65c5ead519a7b802f991353c26d3d
SHA1 34cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA256 0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA512 2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

MD5 0351b833a5c095852e821535974441c8
SHA1 bcbf5c294852c2d80af7862d19791b994aea7706
SHA256 dd13400afe7ebe5d0be37c951ff961be293b63588cc3635a62fa5f071ab69eef
SHA512 3eaefe9e400fadf0b947036e15b4dc5c7b42fbbcb716426ba478073eff1e7d7bddf3f72c44dfb5fafe6712d7ea9f2c52c172607d719f238a22e432afdb618b97

C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

MD5 e2e8f9cf938f81b1185086b12c5c9d90
SHA1 b67c857a7002b3262f09ffc9fa8524c58a01e5b9
SHA256 a053bba02f38179197090a9a9849aab872af5b09dc61b2f69efb0d8ea2d0f5e2
SHA512 3bab571f5c43ff72ce1dd654b584d053cba937a3d3cc4d07cbf57ac7acc821b199b90fab66abc62dbe32e75297143c810c995d87df076e75a583e321d081d87f

C:\Users\Admin\AppData\Local\Temp\_MEI25042\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

MD5 8d689c06cb844185099c0398a280537e
SHA1 57073c7526ec37e94bb9db44fedc6d50276f7a6b
SHA256 96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d
SHA512 3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

MD5 80e882ce8268212cf4db9fbe44f95336
SHA1 85abc152168a20d8db2c6501aa43a97ea72efc8c
SHA256 32c7fa19bdf922f35368bbda1fd91b30fae89f7e8615c8224901e4e3454ee937
SHA512 eb6fc2086c0c5b1e2207c675e49713961246559ade42f65f5e1d51e6139e503eacceaa57542664f7161dc320df0403d90bc85e499aa2d0f09c4a3d4236920cd5

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileUgfCH2\prefs-1.js

MD5 53d1b6bc0a5742915ed21f425650a41c
SHA1 e9a0d07a51504da8e5fe3da79b743cd2a2b5e0f7
SHA256 4274c5562309ff334b4e221a9bd428dd030da9dfe58ca6af46e9c9b0da92e809
SHA512 3fae68a1bb314ccf0b947aa16aeeb1a938d33b02ec673c0f0f7b9e573ace8cf37a1eefb5f6caca4e2ba18c1ab479e1c6920f74b875a227a3464b2e94f78acfc9

memory/1092-671-0x000000000B1D0000-0x000000000B1E0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileUgfCH2\extensions.json

MD5 2d996c1d7c4f5d7823db5b1b1a93595c
SHA1 850e962f2b27df1311e618e6001584aadfb58c29
SHA256 07abc0a06b9627dab8d8267a3e75f7f5b3b76084a7ab9b79e532fd3da1729d02
SHA512 09ea5142bbe3b1fe959f2c2b11e0bf88d74caf186f82dcbcaba68c0f5ad054827019882a0124dcc9a15de9ac8fe81586eea7946c71925af82cc6a8f52a415fd7

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileUgfCH2\prefs.js

MD5 4380f014400a761894ab36496df0e357
SHA1 c0ff35080fc93a6eba80afa71064c9f06c51ed39
SHA256 efb22ca947842f0eaa83435c0d49cd07f3f894a418f3b31c53601b5fd79b4f11
SHA512 a1526a5531be7c9222131cd334c6054e143c40320c704ce2063d705fe972924d7dd209e276844237d5b4420b47ece5595d6d2c4b7b4218cb9f6faa21bb333915

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileUgfCH2\prefs-1.js

MD5 03cdc4bcd5cbe9c5e29e487d49963099
SHA1 a58f6d1ad7c1281186da5eebc04c85406708c596
SHA256 ca7f2d618b33426756621f85c4a453fe19e0aa132fc3c15ef008a7e6d8f0bf1d
SHA512 adbc714ec7b8047dd27a4745e86645fe03c7faa090d3fb31ef69229920f02df6e1f4982f04d69c7160f264f56d0ff718a843c9b07286289e0e497c96551dc3ab

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileUgfCH2\prefs-1.js

MD5 6379a5f43ce6385e8d5c39853ff2a8e3
SHA1 e028134fe22d6c1ac29cf40a440c0f4ceaefc905
SHA256 089c6ea74c37baac123fde822141898b03dcb1400aca18b975ce1ff63eac4354
SHA512 ad4b2b84f0bf00df2cf37e709f0d2649ff8ca1e1f0b7e2d4aab12581c016007ba77a4d036b71d3e99311dbdf425587199712a8e52a6620d88f21a10e9c82cac8

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 b01d17eb1ba3358e779380d72fda0ff5
SHA1 634de35053d5ea211846851e6f353e51e3bb6f81
SHA256 1e88fa8c78547aca63dbeecaa45611c7fca07443743e45a9c40aa6d97158070d
SHA512 b549496466c591184d21cd64f71cb88e2cd8bcd77d0267815d4c1454a61a90e9b56d0cc72d25bcc44677299c8c8f9631ea9011e910a071461c4801e919b5b9ef

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileUgfCH2\prefs-1.js

MD5 9b62c3774d59b3768b6d5581e24012fb
SHA1 934b4c4f269a7f325228c03a7972e69a4d1422a5
SHA256 626e9add03bb7bb95d4719efb9f416d4806f1556d1bc9d8676eb83ceaaf2e832
SHA512 6ec7bd29c06de9bf63c3f1b8912a83fab12e6a97c855c24feeecfc00189e574f7fc440d3a1ed670b235b2c5eb152beb25f204a2e4c5c5851442bc20d4aa02ad5

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHckUwE\sessionCheckpoints.json

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHckUwE\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHckUwE\extension-preferences.json

MD5 b4298c9a240d6b7b63346daf94013802
SHA1 9ce98168437854b51b198c16186c05129f0c273b
SHA256 e120cdbe8994b9c61e74492f0fad161abb5b4e18f64d4b786a8c245ae5a384d5
SHA512 545becc42b35be10b4c24fdc38ef6b664d167e4288111f31478f476c2c06794efb802ac0fa2b782cddea1283d295a56053e96520b033258bd596ff6fbb4f1b4c

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHckUwE\addonStartup.json.lz4

MD5 1fb3796e7144c095b097ec77fcb18f38
SHA1 a47037403059e3de25497ba6782e467a22fee1dd
SHA256 1e428d2be6d5b3bc343a5d78aefe800476ca80bd2871fe7884098c8991cd2bd7
SHA512 c0ef6b5660ab4f2adaec4837c98d20844dc8b6d990b7e55fdedd7017f0858f3f10f3f9601279bb48a9e8f14bea60f49b7562cdbb8eb55d7d471798de7c19c887

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHckUwE\prefs.js

MD5 78d7c625f258179adddcea8e3f1948eb
SHA1 a89699318d1e0706e8084713f8b057067f6b6d1c
SHA256 9add05a7d1289c28476366a397ae4d1ecb13bf9c554f032739e9d03bf7fc6fd1
SHA512 c3fa1bef87218502f1124b1aaa3492e8bd8ada24998c66e0a9785359577571bfaa3c007f13c426ea54344d49c889c7113d07a49e15f2b1e0be4c3472670a45b1

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHckUwE\startupCache\webext.sc.lz4

MD5 7ad0b0da2d0e369e2d6c59e4f51d4f29
SHA1 e51423b8adef90a07ee7f434853db203e907035a
SHA256 75a76fea7060b231a70d217357df7f7c25935eca717bae5c328a6a792312080e
SHA512 995d571db6b6fbc0be617fa0b773870a2e032e0bcd19aa863ea1e8521f71a49c335b32516c5a7c57ee1da3604e6fd7827e4f630f30bcf6484bce4f47440c0a37

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHckUwE\prefs.js

MD5 1ba6ad9a4e91af3a147ab668a54f66e5
SHA1 d2e4aaaac31c5253b7a1129d0da1a11daa8346a9
SHA256 61e84fddfbeba87a81893317b05d0457876ec52c01d2f9dda0c953ae39d7c89d
SHA512 fe662f192e27622ec3f572a93fcacab2b80ab5cdc00c5377c9922be3edaa93d14106dae5a0da32c0c6fae03a0588b7e70831eb330c968f20108fb6d5ca5df3b0

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHckUwE\prefs-1.js

MD5 4e6ed38499c41e90054237080bef26a0
SHA1 ede7e8bc791defbbc2da16e480da53d9c1fcf8d3
SHA256 3a24d660c605fbf807d830f1ac5bcbe702b7627fc551378c119f4a705cc106b0
SHA512 d1512f1537ed6311fe6ab50284e5b98a16cdb210c1750a864a6a6c28c4cf025943d7f8576eabe69b9c0f85703db42684c210914bae41a403f3367c8ac966f78d

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHckUwE\broadcast-listeners.json

MD5 97c3738563a9448365a735f5f29ed3d5
SHA1 15a81433236ca6e6ecc4e1c8d0fdb8523b265c57
SHA256 63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24
SHA512 ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHckUwE\prefs-1.js

MD5 26041d1b6690a8530566c2e1a2218765
SHA1 54c593e294fd313e88b9740fdec2f41de654684f
SHA256 9b91b9b64c1946031cf08b99d4b5f04c71395bc9c50f70a80bdef746dff5ce64
SHA512 a0222d879e320d6f7f09af8dcd607c6178ae4a3620bbf84efb41e432186443fe90e92dbc7ecf4c5b645e9ddbe9d21d30cae45451066e16584ec3188d42ad98e4

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-09 01:55

Reported

2024-05-09 02:08

Platform

win10-20240404-en

Max time kernel

298s

Max time network

305s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI45242\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4524 wrote to memory of 4732 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 4732 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 4732 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 1596 wrote to memory of 4952 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 4732 wrote to memory of 3128 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI45242\geckodriver.exe
PID 3128 wrote to memory of 2084 N/A C:\Users\Admin\AppData\Local\Temp\_MEI45242\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe
PID 2084 wrote to memory of 1380 N/A C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe
PID 1380 wrote to memory of 4940 N/A C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI45242\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI45242\geckodriver.exe --port 50048 --websocket-port 50049

C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50049 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofiledQYIXX

C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50049 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofiledQYIXX

C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe" -contentproc --channel="1380.0.370794727\1133681503" -parentBuildID 20240416150000 -prefsHandle 1468 -prefMapHandle 1456 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\browser" - {295c68a9-2df3-4d2c-addc-8ed499f21802} 1380 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe" -contentproc --channel="1380.1.639284485\2058106677" -childID 1 -isForBrowser -prefsHandle 2524 -prefMapHandle 2520 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 896 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\browser" - {6205ca72-df16-4952-81d6-39762d363bd3} 1380 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe" -contentproc --channel="1380.2.1995729299\984469274" -childID 2 -isForBrowser -prefsHandle 2720 -prefMapHandle 2904 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 896 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\browser" - {9869b1f0-8e2b-4afa-9152-93581fd425aa} 1380 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe" -contentproc --channel="1380.3.21675315\797142902" -childID 3 -isForBrowser -prefsHandle 3220 -prefMapHandle 3208 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 896 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\browser" - {39876793-8608-4e5c-b20c-2681b49ad84a} 1380 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe" -contentproc --channel="1380.4.495971965\2139358768" -childID 4 -isForBrowser -prefsHandle 3508 -prefMapHandle 3504 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 896 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\browser" - {fb93accf-8d72-454f-b6f0-7847351a11f4} 1380 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe" -contentproc --channel="1380.5.1940750129\2054646732" -childID 5 -isForBrowser -prefsHandle 3680 -prefMapHandle 3684 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 896 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\browser" - {a1e95543-0d0a-4156-940c-08bdd66ad1ff} 1380 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe" -contentproc --channel="1380.6.727434622\713362801" -childID 6 -isForBrowser -prefsHandle 3904 -prefMapHandle 3908 -prefsLen 25239 -prefMapSize 245849 -jsInitHandle 896 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\browser" - {ffc2f1cb-3684-4bf3-8da1-6933cb5331ae} 1380 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe" -contentproc --channel="1380.7.1791194233\1717116626" -childID 7 -isForBrowser -prefsHandle 4268 -prefMapHandle 4084 -prefsLen 25536 -prefMapSize 245849 -jsInitHandle 896 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\browser" - {f01086be-7b6a-41d4-8599-92fe50f45a68} 1380 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe" -contentproc --channel="1380.8.839402455\1212348963" -parentBuildID 20240416150000 -prefsHandle 2916 -prefMapHandle 3756 -prefsLen 27720 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\browser" - {8d810f4a-3f00-4a25-b473-e838d25cb45b} 1380 rdd

C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe" -contentproc --channel="1380.9.1028131506\1176988130" -parentBuildID 20240416150000 -sandboxingKind 1 -prefsHandle 8580 -prefMapHandle 8584 -prefsLen 27764 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\browser" - {54423f09-6aa4-446f-8767-31cc24e86675} 1380 utility

C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe" -contentproc --channel="1380.10.304322099\1588387966" -childID 8 -isForBrowser -prefsHandle 8372 -prefMapHandle 8360 -prefsLen 25580 -prefMapSize 245849 -jsInitHandle 896 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\browser" - {96911a9e-eb48-46ed-9547-49611629ad72} 1380 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe" -contentproc --channel="1380.11.2048324657\1370983481" -childID 9 -isForBrowser -prefsHandle 8600 -prefMapHandle 8596 -prefsLen 25580 -prefMapSize 245849 -jsInitHandle 896 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\browser" - {45c54965-4187-4521-aab2-7256e9891be8} 1380 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45242\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI45242\geckodriver.exe --port 50048 --websocket-port 50049

C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50049 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilePsR5et

C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50049 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilePsR5et

C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe" -contentproc --channel="5976.0.1952986365\1728933978" -parentBuildID 20240416150000 -prefsHandle 1468 -prefMapHandle 1456 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\browser" - {7b70ab23-312e-4f1c-b914-eda0f17bba23} 5976 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe" -contentproc --channel="5976.1.131969501\547204179" -childID 1 -isForBrowser -prefsHandle 2316 -prefMapHandle 2392 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1140 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\browser" - {6cdca299-0e11-4b51-afd7-1c62c3746cff} 5976 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe" -contentproc --channel="5976.2.635437969\82484241" -childID 2 -isForBrowser -prefsHandle 2980 -prefMapHandle 2976 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1140 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\browser" - {a1fcfb9c-96b6-43b5-bbf9-38f65909ec76} 5976 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe" -contentproc --channel="5976.3.1679473412\845085834" -childID 3 -isForBrowser -prefsHandle 3108 -prefMapHandle 3088 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1140 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\browser" - {01a8912e-c417-440d-97a6-b2b2a2093b6a} 5976 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe" -contentproc --channel="5976.4.814879836\638743260" -childID 4 -isForBrowser -prefsHandle 3640 -prefMapHandle 3636 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1140 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\browser" - {b2acdb30-9ec2-427f-a547-6a24019e4f03} 5976 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe" -contentproc --channel="5976.5.954186264\1560586916" -childID 5 -isForBrowser -prefsHandle 3848 -prefMapHandle 3844 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1140 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\browser" - {f4131955-774e-45b9-a30a-e8554e3c6f64} 5976 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe" -contentproc --channel="5976.6.781607978\1799976615" -childID 6 -isForBrowser -prefsHandle 3976 -prefMapHandle 3980 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1140 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\browser" - {8389bc94-2b5d-4113-9235-fbbfd94fe71b} 5976 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe" -contentproc --channel="5976.7.192119370\29140879" -childID 7 -isForBrowser -prefsHandle 4340 -prefMapHandle 4360 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1140 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\browser" - {86deb589-fc2e-45db-9ae6-f33e9594efdb} 5976 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45242\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI45242\geckodriver.exe --port 50048 --websocket-port 50049

C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50049 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileG70izl

C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50049 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileG70izl

C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe" -contentproc --channel="4316.0.425052691\1405296624" -parentBuildID 20240416150000 -prefsHandle 1488 -prefMapHandle 1464 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\browser" - {d42fc95e-ab97-4d54-92c8-0c3cc73d332a} 4316 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe" -contentproc --channel="4316.1.2113270914\646342022" -childID 1 -isForBrowser -prefsHandle 2596 -prefMapHandle 2840 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\browser" - {ed63888b-1a36-40dd-ab89-b41d93982935} 4316 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe" -contentproc --channel="4316.2.1045124845\851448907" -childID 2 -isForBrowser -prefsHandle 3316 -prefMapHandle 3312 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\browser" - {08862494-3ac8-45d1-8110-a65d1ed24d88} 4316 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe" -contentproc --channel="4316.3.696970582\940394177" -childID 3 -isForBrowser -prefsHandle 3088 -prefMapHandle 3128 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\browser" - {5fc02e63-bbfd-4cc2-939f-dc293cf4be00} 4316 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe" -contentproc --channel="4316.4.1874406525\327385281" -childID 4 -isForBrowser -prefsHandle 3716 -prefMapHandle 3712 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\browser" - {066b43d0-e124-410c-ae7f-232d9bd5c0f8} 4316 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe" -contentproc --channel="4316.5.989650628\45710836" -childID 5 -isForBrowser -prefsHandle 3924 -prefMapHandle 3920 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\browser" - {d9bad8fa-c5c5-4bd4-8cd1-9372a16d0ff8} 4316 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe" -contentproc --channel="4316.6.715325437\1446226176" -childID 6 -isForBrowser -prefsHandle 3904 -prefMapHandle 3908 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1128 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\browser" - {70bfcfba-60c8-4e24-a192-602eec221df7} 4316 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45242\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI45242\geckodriver.exe --port 50048 --websocket-port 50049

C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50049 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilerlS64A

C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50049 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilerlS64A

C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2740.0.1114361306\594582466" -parentBuildID 20240416150000 -prefsHandle 1504 -prefMapHandle 1480 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\browser" - {02ea5d16-2d6f-4ea5-8949-280c532dea32} 2740 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2740.1.2112985565\2046372096" -childID 1 -isForBrowser -prefsHandle 2544 -prefMapHandle 2536 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\browser" - {efea84f8-93d3-4e94-b964-2a23036c57ee} 2740 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2740.2.1229770343\732560641" -childID 2 -isForBrowser -prefsHandle 2928 -prefMapHandle 2924 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\browser" - {30c8a386-772c-45bc-bf6e-aa02f5e37906} 2740 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2740.3.177127602\1787945476" -childID 3 -isForBrowser -prefsHandle 3420 -prefMapHandle 3560 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\browser" - {235ff021-8cb0-4ffa-814c-d9a4f4d14130} 2740 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2740.4.1376028591\726579432" -childID 4 -isForBrowser -prefsHandle 3856 -prefMapHandle 3016 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\browser" - {e4431f58-fd07-4f4a-85e4-0a742732d417} 2740 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2740.5.800326606\734281975" -childID 5 -isForBrowser -prefsHandle 2116 -prefMapHandle 3064 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\browser" - {aa73b5cc-efe4-4433-9f4a-a6e4319e5db4} 2740 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2740.6.289100527\178298273" -childID 6 -isForBrowser -prefsHandle 3200 -prefMapHandle 3216 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\browser" - {2b3057f7-0e6d-4bb8-aa49-8afdd54d6e1b} 2740 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe" -contentproc --channel="2740.7.52026576\157754319" -childID 7 -isForBrowser -prefsHandle 3288 -prefMapHandle 3300 -prefsLen 25412 -prefMapSize 245849 -jsInitHandle 1132 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\browser" - {f66974e9-00fa-4f63-ac6e-9e0e2c83d6c1} 2740 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45242\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI45242\geckodriver.exe --port 50048 --websocket-port 50049

C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 50049 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileWb6xuA

C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 50049 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileWb6xuA

C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe" -contentproc --channel="5496.0.1759227202\341376994" -parentBuildID 20240416150000 -prefsHandle 1488 -prefMapHandle 1464 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\browser" - {ea219e26-b3b5-47d3-b3c2-f743fb6a9ccc} 5496 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe" -contentproc --channel="5496.1.1494039868\2074979011" -childID 1 -isForBrowser -prefsHandle 2208 -prefMapHandle 2076 -prefsLen 24346 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\browser" - {c8c51a8a-cceb-4ce8-8d41-d5b136d81419} 5496 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe" -contentproc --channel="5496.2.461903530\1272937954" -childID 2 -isForBrowser -prefsHandle 2940 -prefMapHandle 2936 -prefsLen 26505 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\browser" - {72f585ae-dd6d-4079-9787-155fe0981f16} 5496 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe" -contentproc --channel="5496.3.1879629813\2117113383" -childID 3 -isForBrowser -prefsHandle 2992 -prefMapHandle 2996 -prefsLen 27358 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\browser" - {aa9e7f77-a3d1-410f-9b60-6377de1a0f55} 5496 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe" -contentproc --channel="5496.4.1665657517\1510922335" -childID 4 -isForBrowser -prefsHandle 3624 -prefMapHandle 3620 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\browser" - {dae4836c-515d-4275-8137-40b885d65470} 5496 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe" -contentproc --channel="5496.5.1591909601\1724205104" -childID 5 -isForBrowser -prefsHandle 3772 -prefMapHandle 3776 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\browser" - {727029e6-004d-4da5-9fb5-c84d51d0e5d2} 5496 tab

C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\firefox.exe" -contentproc --channel="5496.6.1867486010\100980900" -childID 6 -isForBrowser -prefsHandle 4008 -prefMapHandle 4012 -prefsLen 25288 -prefMapSize 245849 -jsInitHandle 1136 -jsInitLen 240916 -parentBuildID 20240416150000 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI45242\Tor Browser\Browser\browser" - {1a178599-0404-4893-b4d7-09bd5b2dbcda} 5496 tab

Network

Country Destination Domain Proto

Files

SHA256 04f776d0ebe607132455dfb70e7df16a18c722968eec0eb42161ab7c30014020
SHA512 e2641d3ba3e735fcd32e5f6921610446bc6bf5a17af0ca7dd12c69b22465446dc1aade2047983b6670c33263cece24063ff147b8470192525da0914b148158fc

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileWb6xuA\datareporting\glean\db\data.safe.tmp

MD5 c58234a092f9d899f0a623e28a4ab9db
SHA1 7398261b70453661c8b84df12e2bde7cbc07474b
SHA256 eaec709a98b57cd9c054a205f9bfa76c7424db2845c077822804f31e16ac134c
SHA512 ae2724fc45a8d9d26e43d86bcc7e20f398d8ab4e251e89550087ace1311c4d2571392f2f0bed78da211fcb28766779c1853b80742faa69f722b2c44c283569fd

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileWb6xuA\datareporting\glean\db\data.safe.tmp

MD5 7d3d11283370585b060d50a12715851a
SHA1 3a05d9b7daa2d377d95e7a5f3e8e7a8f705938e3
SHA256 86bff840e1bec67b7c91f97f4d37e3a638c5fdc7b56aae210b01745f292347b9
SHA512 a185a956e7105ad5a903d5d0e780df9421cf7b84ef1f83f7e9f3ab81bf683b440f23e55df4bbd52d60e89af467b5fc949bf1faa7810c523b98c7c2361fde010e

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileWb6xuA\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

MD5 bc3e2e830892cfab0f80ba5e607ab694
SHA1 a94d039ecac0fac4adc91dcfc8917c6ba4e607aa
SHA256 f029fc7761fe5ec947448e736b8108c3aad0562b8bac2728546db3875e22158c
SHA512 624b73f11eddddedc153c3e4c68414f55db99f45f4db9decf613493925c408540deb1fbc5feb30cc5c32c6b1371866bcb48785407b1c3b584146923f8982af77

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileWb6xuA\prefs-1.js

MD5 1752f4c135d56e9ddaf58354dbc3d080
SHA1 e67d3639f70267f84feafe39842e49b31c3b69ee
SHA256 730024c21ac223a791d71dd5fc25323b859c810338322543f4d1a2f31e0baf40
SHA512 1a3f8811535afcaeafb040fe21d4a62407edf636374e35a3e777ebf147c4915aa22cb653f7b58adffdc1e83960cec9714665a9d698e820b1c4735d3cdff0b3d6

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileWb6xuA\prefs-1.js

MD5 911fe5439cf9a0413207569e669b19c1
SHA1 530dcd9785da8961b6e6695d62a46a289158ad63
SHA256 587d665efd81ac7a3bc3c5c63e0f2ecd4e0f3165f9b1ff2ba6360b06071b6849
SHA512 04cb245fa6d3d84b32c67dec3e933fac16228264c5fced9e6a5cfb8bde25f3513cb21590c6532f3c0ffa96602c5776b409f77107244e7772c222f23d005ca6da

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-09 01:55

Reported

2024-05-09 02:08

Platform

win10v2004-20240508-en

Max time kernel

300s

Max time network

309s

Command Line

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\TorBrowser\Tor\tor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50162\geckodriver.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5016 wrote to memory of 4136 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 5016 wrote to memory of 4136 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\heavy.exe
PID 4136 wrote to memory of 3620 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 4136 wrote to memory of 3620 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 4136 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 4136 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Windows\system32\cmd.exe
PID 3620 wrote to memory of 4496 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 3620 wrote to memory of 4496 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PID 4136 wrote to memory of 4408 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI50162\geckodriver.exe
PID 4136 wrote to memory of 4408 N/A C:\Users\Admin\AppData\Local\Temp\heavy.exe C:\Users\Admin\AppData\Local\Temp\_MEI50162\geckodriver.exe
PID 4408 wrote to memory of 4656 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50162\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe
PID 4408 wrote to memory of 4656 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50162\geckodriver.exe C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe
PID 4656 wrote to memory of 3388 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe
PID 4656 wrote to memory of 3388 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe
PID 4656 wrote to memory of 3388 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe
PID 4656 wrote to memory of 3388 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe
PID 4656 wrote to memory of 3388 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe
PID 4656 wrote to memory of 3388 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe
PID 4656 wrote to memory of 3388 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe
PID 4656 wrote to memory of 3388 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe
PID 4656 wrote to memory of 3388 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe
PID 4656 wrote to memory of 3388 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe
PID 4656 wrote to memory of 3388 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe
PID 3388 wrote to memory of 4600 N/A C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Users\Admin\AppData\Local\Temp\heavy.exe

"C:\Users\Admin\AppData\Local\Temp\heavy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser/Browser/TorBrowser/Tor/tor.exe"

C:\Users\Admin\AppData\Local\Temp\_MEI50162\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI50162\geckodriver.exe --port 56330 --websocket-port 56331

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 56331 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9Szzrs

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 56331 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9Szzrs

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="3388.0.2049367218\1432261194" -parentBuildID 20240416150000 -prefsHandle 1660 -prefMapHandle 1652 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {de8aaebf-3cfa-4c74-8197-2de2de1b182d} 3388 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="3388.1.1894069955\194091167" -childID 1 -isForBrowser -prefsHandle 2484 -prefMapHandle 2480 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {f712f804-b9fd-4f72-a7fc-0d7d019ce5e4} 3388 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="3388.2.812372174\1749611180" -childID 2 -isForBrowser -prefsHandle 3216 -prefMapHandle 3212 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {b314b4d3-def3-407a-b094-cf77d694b1b2} 3388 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="3388.3.1249105961\750982097" -childID 3 -isForBrowser -prefsHandle 3256 -prefMapHandle 3780 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {fbd31ffa-95b2-4261-b0b2-8fe79427dab1} 3388 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="3388.4.924885415\1018371800" -childID 4 -isForBrowser -prefsHandle 3968 -prefMapHandle 3964 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {061351b4-03e4-4616-a23c-592468a1c079} 3388 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="3388.5.248413813\1831753628" -childID 5 -isForBrowser -prefsHandle 4080 -prefMapHandle 4084 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {f4f7f9f4-affe-45c9-a294-8fa33ce27be1} 3388 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="3388.6.1140632598\1995224382" -childID 6 -isForBrowser -prefsHandle 4372 -prefMapHandle 4368 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {cba70f8c-b22e-4808-9302-4b5b9a626a17} 3388 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="3388.7.304194472\494178223" -childID 7 -isForBrowser -prefsHandle 4936 -prefMapHandle 4952 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {387b96a0-bf15-41ad-a694-b91d18da10b9} 3388 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="3388.8.1179194077\501876588" -childID 8 -isForBrowser -prefsHandle 4068 -prefMapHandle 4304 -prefsLen 25367 -prefMapSize 245849 -jsInitHandle 868 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {d9e29232-791d-4359-82bc-d2dd2ae33443} 3388 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="3388.9.1287793361\2028782224" -parentBuildID 20240416150000 -prefsHandle 5072 -prefMapHandle 5172 -prefsLen 27513 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {842b320f-8f16-4f72-a35e-4a9aed5082c0} 3388 rdd

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="3388.10.308164825\1739318775" -parentBuildID 20240416150000 -sandboxingKind 1 -prefsHandle 5016 -prefMapHandle 3796 -prefsLen 27513 -prefMapSize 245849 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {b4187c59-e7d4-4321-ae9d-a3240ff0df18} 3388 utility

C:\Users\Admin\AppData\Local\Temp\_MEI50162\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI50162\geckodriver.exe --port 56330 --websocket-port 56331

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 56331 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilednSV0e

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 56331 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilednSV0e

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4552.0.1394078108\685604639" -parentBuildID 20240416150000 -prefsHandle 1696 -prefMapHandle 1688 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {ef4939fc-e2ec-4664-b0b2-d4136245cb29} 4552 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4552.1.93178359\779326372" -childID 1 -isForBrowser -prefsHandle 2496 -prefMapHandle 2512 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {87c48d43-eb8d-4f43-ab49-f021ecb767a4} 4552 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4552.2.796166304\841999412" -childID 2 -isForBrowser -prefsHandle 3212 -prefMapHandle 3208 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {1240b805-d97e-4064-b488-d1241056aefe} 4552 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4552.3.197033685\962456079" -childID 3 -isForBrowser -prefsHandle 3220 -prefMapHandle 3460 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {ee7b6c28-5533-439d-a46e-6daf9bc28b6a} 4552 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4552.4.465893766\342619863" -childID 4 -isForBrowser -prefsHandle 3936 -prefMapHandle 3932 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {4068b912-bb7e-4d64-ade8-ae615aae7942} 4552 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4552.5.1600224325\1831188288" -childID 5 -isForBrowser -prefsHandle 3492 -prefMapHandle 3488 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {168d4efb-82bf-41dd-bf0c-b0c94855dd03} 4552 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4552.6.2012648380\467605220" -childID 6 -isForBrowser -prefsHandle 4068 -prefMapHandle 4072 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {f2b0944b-b0cc-4154-b647-f0a0e16ed27e} 4552 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4552.7.614949168\661130753" -childID 7 -isForBrowser -prefsHandle 4648 -prefMapHandle 4652 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1272 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {be9ead71-44fc-49db-b793-b451e6a61583} 4552 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50162\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI50162\geckodriver.exe --port 56330 --websocket-port 56331

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 56331 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletwcNzS

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 56331 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletwcNzS

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="3304.0.1079304109\885129429" -parentBuildID 20240416150000 -prefsHandle 1692 -prefMapHandle 1684 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {895d50ad-13ca-4b08-8cce-df895de260b7} 3304 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="3304.1.697797350\1469020842" -childID 1 -isForBrowser -prefsHandle 2680 -prefMapHandle 2676 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {5a55a686-8786-481c-9f54-1a70d0773f28} 3304 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="3304.2.378454296\781767446" -childID 2 -isForBrowser -prefsHandle 3304 -prefMapHandle 3308 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {d0228e2c-6843-4efa-b5fb-94382217973a} 3304 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="3304.3.352378099\396282409" -childID 3 -isForBrowser -prefsHandle 3548 -prefMapHandle 3560 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {f525c063-d3c9-4c33-97cb-e2f53e854594} 3304 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="3304.4.1888458163\327361234" -childID 4 -isForBrowser -prefsHandle 2432 -prefMapHandle 3904 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {7dbab8f2-5069-449e-bf90-c4853d820fde} 3304 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="3304.5.718457485\390582677" -childID 5 -isForBrowser -prefsHandle 4152 -prefMapHandle 4156 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {065348a8-79f5-4411-b5ec-50d8ab3372eb} 3304 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="3304.6.800612472\1349187837" -childID 6 -isForBrowser -prefsHandle 4332 -prefMapHandle 4336 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {e0674fd8-fdaa-46c9-87e4-cbd568aea57a} 3304 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="3304.7.1991155645\2092700273" -childID 7 -isForBrowser -prefsHandle 4884 -prefMapHandle 4888 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1304 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {87761086-088a-46a2-bd26-2f9fbbe7f558} 3304 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50162\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI50162\geckodriver.exe --port 56330 --websocket-port 56331

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 56331 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofiledvAYcn

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 56331 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofiledvAYcn

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4604.0.273189888\1128593245" -parentBuildID 20240416150000 -prefsHandle 1688 -prefMapHandle 1680 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {b78ec83c-60ff-47f9-aa47-c1dd3839d391} 4604 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4604.1.1205859085\961027074" -childID 1 -isForBrowser -prefsHandle 2632 -prefMapHandle 2628 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1196 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {43ccd2d8-74ac-4101-80d3-3445f3600da0} 4604 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4604.2.1020548138\1792442627" -childID 2 -isForBrowser -prefsHandle 3204 -prefMapHandle 3200 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1196 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {3d8e6f18-446d-4acf-a24b-a4f8a5fc96f2} 4604 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4604.3.1000803867\1741403311" -childID 3 -isForBrowser -prefsHandle 3712 -prefMapHandle 3716 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1196 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {fa58d31b-4608-4095-91fb-0b23cb909e50} 4604 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4604.4.781918151\965008842" -childID 4 -isForBrowser -prefsHandle 3272 -prefMapHandle 3236 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1196 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {b72a2462-5a2c-450f-8cd7-5e365072d379} 4604 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4604.5.57563284\1233388294" -childID 5 -isForBrowser -prefsHandle 3960 -prefMapHandle 4008 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1196 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {935a4a52-b6a8-4056-8da2-8e5ea112e0c0} 4604 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4604.6.1916455784\114394626" -childID 6 -isForBrowser -prefsHandle 4092 -prefMapHandle 4100 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1196 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {d0ac8546-347b-4d56-ab90-4d6372700f99} 4604 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4604.7.1458162224\321271204" -childID 7 -isForBrowser -prefsHandle 4140 -prefMapHandle 4136 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1196 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {cc79117c-a162-4c58-a517-bbe7eb32c23c} 4604 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4604.8.175142926\772453181" -parentBuildID 20240416150000 -prefsHandle 4524 -prefMapHandle 4488 -prefsLen 27362 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {3187a536-af1b-4737-870b-81006a96b2a2} 4604 rdd

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4604.9.104716506\671220391" -parentBuildID 20240416150000 -sandboxingKind 1 -prefsHandle 4492 -prefMapHandle 4476 -prefsLen 27362 -prefMapSize 245849 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {e5c24564-86bb-4baa-9a3b-6a25259512d3} 4604 utility

C:\Users\Admin\AppData\Local\Temp\_MEI50162\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI50162\geckodriver.exe --port 56330 --websocket-port 56331

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 56331 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileN9SoIi

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 56331 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileN9SoIi

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4772.0.881443559\1255269477" -parentBuildID 20240416150000 -prefsHandle 1668 -prefMapHandle 1660 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {bfc6ba0a-1db7-49e3-be33-384db86e3d9f} 4772 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4772.1.1546772485\170220823" -childID 1 -isForBrowser -prefsHandle 2636 -prefMapHandle 2632 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1288 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {2026d597-12d4-4952-8fd8-4eb6c8b16576} 4772 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4772.2.2024038264\510403645" -childID 2 -isForBrowser -prefsHandle 3168 -prefMapHandle 3164 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1288 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {86fe86cc-8fc5-4b1c-88f7-dcfc00a3161d} 4772 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4772.3.776405747\533482257" -childID 3 -isForBrowser -prefsHandle 3424 -prefMapHandle 2268 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1288 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {c3385c50-d686-4a69-8ad2-e82d5fa7a7ed} 4772 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4772.4.1811229559\1572374235" -childID 4 -isForBrowser -prefsHandle 3276 -prefMapHandle 3288 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1288 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {820abae5-fa22-4b02-a17e-84c5bc91aab3} 4772 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4772.5.1978784740\1133672045" -childID 5 -isForBrowser -prefsHandle 3408 -prefMapHandle 3252 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1288 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {5840dc4e-86ff-49a9-a75f-b271491b691b} 4772 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4772.6.631889385\594166816" -childID 6 -isForBrowser -prefsHandle 4104 -prefMapHandle 4108 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1288 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {1b9584b1-12f3-4144-aca9-6d90712f7676} 4772 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50162\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI50162\geckodriver.exe --port 56330 --websocket-port 56331

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 56331 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilevPdKZd

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 56331 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofilevPdKZd

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4808.0.780149694\1654541430" -parentBuildID 20240416150000 -prefsHandle 1672 -prefMapHandle 1664 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {f83938ce-a15b-47c0-a775-74446c9e44f7} 4808 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4808.1.905186303\135150508" -childID 1 -isForBrowser -prefsHandle 2764 -prefMapHandle 2792 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {3b1b920e-fdf8-43c6-99fd-f3f481917270} 4808 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4808.2.1300749257\878979398" -childID 2 -isForBrowser -prefsHandle 3344 -prefMapHandle 3228 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {a9cd6506-590c-4186-820c-0f164543d122} 4808 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4808.3.524355684\887356330" -childID 3 -isForBrowser -prefsHandle 3360 -prefMapHandle 3472 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {4a225cb1-fef7-474b-a0ba-6b87b04d6486} 4808 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4808.4.1598410000\2015737524" -childID 4 -isForBrowser -prefsHandle 3936 -prefMapHandle 3932 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {19814057-ecdb-446d-80fd-d7d2dd5a1033} 4808 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4808.5.119782669\1245584107" -childID 5 -isForBrowser -prefsHandle 4184 -prefMapHandle 4180 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {ea90023e-b2f7-4d7c-b686-3394ceaa7454} 4808 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4808.6.1471137299\625348958" -childID 6 -isForBrowser -prefsHandle 4352 -prefMapHandle 4348 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {386deaee-d1e3-4ae1-89d1-15f931dca235} 4808 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4808.7.462542974\1678346488" -childID 7 -isForBrowser -prefsHandle 4672 -prefMapHandle 4676 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1252 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {3a48fb3b-7877-4399-87a9-a377f596aaf8} 4808 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50162\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI50162\geckodriver.exe --port 56330 --websocket-port 56331

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser/Browser/firefox.exe" --marionette --remote-debugging-port 56331 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHySWvB

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" --marionette --remote-debugging-port 56331 --remote-allow-hosts localhost -no-remote -profile C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHySWvB

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4392.0.886096828\1589741714" -parentBuildID 20240416150000 -prefsHandle 1684 -prefMapHandle 1676 -prefsLen 21882 -prefMapSize 245849 -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {fb66ac12-13aa-4e5d-bcd1-6be74978c1ff} 4392 gpu

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4392.1.246117047\594218883" -childID 1 -isForBrowser -prefsHandle 2808 -prefMapHandle 2804 -prefsLen 24301 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {39396908-875f-4ca6-8f74-b6cfcd874270} 4392 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4392.2.128261703\1523214901" -childID 2 -isForBrowser -prefsHandle 2972 -prefMapHandle 3096 -prefsLen 26460 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {c70175d3-c07b-41a2-aca7-10a61ee58667} 4392 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4392.3.1586136608\1999899577" -childID 3 -isForBrowser -prefsHandle 3564 -prefMapHandle 3680 -prefsLen 27313 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {14571ce7-6414-486b-9c64-337fb52c9289} 4392 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4392.4.626461163\1578586998" -childID 4 -isForBrowser -prefsHandle 4000 -prefMapHandle 3996 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {13e9c90f-f84d-41c4-905e-009dd0c76970} 4392 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4392.5.226879760\842449159" -childID 5 -isForBrowser -prefsHandle 4156 -prefMapHandle 4160 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {e6e61a86-e52d-4962-a8d6-410aa490b97f} 4392 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4392.6.1830977420\1923553904" -childID 6 -isForBrowser -prefsHandle 4212 -prefMapHandle 4220 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {795d8f63-9aaa-44df-ac61-3f138e8236c0} 4392 tab

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe" -contentproc --channel="4392.7.1557372892\1048445075" -childID 7 -isForBrowser -prefsHandle 4696 -prefMapHandle 4732 -prefsLen 25243 -prefMapSize 245849 -jsInitHandle 1324 -jsInitLen 240916 -parentBuildID 20240416150000 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\browser" - {2390b187-1a6f-44c1-9943-a84713e605f9} 4392 tab

Network

Files

C:\Users\Admin\AppData\Local\Temp\_MEI50162\python38.dll

C:\Users\Admin\AppData\Local\Temp\_MEI50162\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI50162\base_library.zip

C:\Users\Admin\AppData\Local\Temp\_MEI50162\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI50162\libffi-7.dll

C:\Users\Admin\AppData\Local\Temp\_MEI50162\_bz2.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI50162\_lzma.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI50162\geckodriver.exe

C:\Users\Admin\AppData\Local\Temp\_MEI50162\_ssl.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI50162\_socket.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI50162\_queue.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI50162\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI50162\_hashlib.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI50162\top-1m.csv

C:\Users\Admin\AppData\Local\Temp\_MEI50162\select.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI50162\libssl-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI50162\libcrypto-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI50162\pyexpat.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI50162\nss3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI50162\mozglue.dll

C:\Users\Admin\AppData\Local\Temp\_MEI50162\mozavutil.dll

C:\Users\Admin\AppData\Local\Temp\_MEI50162\lgpllibs.dll

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\TorBrowser\Tor\tor.exe

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\xulstore.json

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\ls-archive.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\.metadata-v2

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\favicons.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

C:\Users\Admin\AppData\Local\Temp\tmpzfzj25p7\webdriver-py-profilecopy\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\addonStartup.json.lz4

C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp

C:\Users\Admin\AppData\Local\Temp\_MEI50162\Tor Browser\Browser\firefox.exe

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9Szzrs\prefs.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9Szzrs\extensions.json

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

C:\Users\Admin\AppData\Local\Temp\rust_mozprofile9Szzrs\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilednSV0e\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilednSV0e\extension-preferences.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilednSV0e\prefs.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilednSV0e\startupCache\webext.sc.lz4

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilednSV0e\prefs.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilednSV0e\broadcast-listeners.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilednSV0e\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilednSV0e\xulstore.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletwcNzS\user.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletwcNzS\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletwcNzS\startupCache\scriptCache-child-new.bin

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletwcNzS\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletwcNzS\prefs.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletwcNzS\sessionCheckpoints.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiletwcNzS\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiledvAYcn\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiledvAYcn\prefs.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiledvAYcn\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofiledvAYcn\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileN9SoIi\compatibility.ini

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileN9SoIi\WebDriverBiDiServer.json

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileN9SoIi\prefs.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileN9SoIi\storage\default\moz-extension+++bdbcb9a0-4eeb-4091-b596-7b6a565a3d0c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileN9SoIi\storage-sync-v2.sqlite

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileN9SoIi\content-prefs.sqlite

C:\Users\Admin\AppData\Local\Temp\rust_mozprofilevPdKZd\prefs-1.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHySWvB\prefs.js

C:\Users\Admin\AppData\Local\Temp\rust_mozprofileHySWvB\prefs-1.js
