Analysis Overview
SHA256
01792043e07a0db52664c5878b253531b293754dc6fd6a8426899c1a66ddd61f
Threat Level: Known bad
The file Avos_18_07_2021_403KB.exe was found to be: Known bad.
Malicious Activity Summary
Avoslocker Ransomware
Executes dropped EXE
Modifies extensions of user files
Downloads MZ/PE file
Loads dropped DLL
Enumerates physical storage devices
Enumerates system info in registry
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Opens file in notepad (likely ransom note)
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2022-01-19 04:22
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2022-01-19 04:22
Reported
2022-01-19 04:30
Platform
win7-en-20211208
Max time kernel
385s
Max time network
366s
Command Line
Signatures
Avoslocker Ransomware
Downloads MZ/PE file
Executes dropped EXE
Modifies extensions of user files
| Description | Indicator | Process | Target |
| File renamed | C:\Users\Admin\Pictures\InstallDisconnect.raw => C:\Users\Admin\Pictures\InstallDisconnect.raw.avos | C:\Users\Admin\AppData\Local\Temp\Avos_18_07_2021_403KB.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\RequestDisable.tif => C:\Users\Admin\Pictures\RequestDisable.tif.avos | C:\Users\Admin\AppData\Local\Temp\Avos_18_07_2021_403KB.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\SearchGrant.tif => C:\Users\Admin\Pictures\SearchGrant.tif.avos | C:\Users\Admin\AppData\Local\Temp\Avos_18_07_2021_403KB.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\SendComplete.png => C:\Users\Admin\Pictures\SendComplete.png.avos | C:\Users\Admin\AppData\Local\Temp\Avos_18_07_2021_403KB.exe | N/A |
| File renamed | C:\Users\Admin\Pictures\ConvertFromStop.raw => C:\Users\Admin\Pictures\ConvertFromStop.raw.avos | C:\Users\Admin\AppData\Local\Temp\Avos_18_07_2021_403KB.exe | N/A |
Loads dropped DLL
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Avos_18_07_2021_403KB.exe
"C:\Users\Admin\AppData\Local\Temp\Avos_18_07_2021_403KB.exe"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\GET_YOUR_FILES_BACK.txt
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\GET_YOUR_FILES_BACK.txt
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\GET_YOUR_FILES_BACK.txt
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6a64f50,0x7fef6a64f60,0x7fef6a64f70
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1092 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1260 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1712 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2028 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2088 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1120 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=828 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3100 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3232 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3124 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2220 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2456 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4116 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2368 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3040 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2076 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4000 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3488 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2120 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3124 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3740 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3264 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3252 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3452 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4176 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4188 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4236 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4224 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4196 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2100 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1744 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4048 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3152 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3160 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3556 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3052 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3360 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4432 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4784 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4640 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4668 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3276 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3184 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2472 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3972 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=764 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1592 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4636 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3624 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3972 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1032,10903846938737078337,5914357124061385417,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3624 /prefetch:8
C:\Users\Admin\Downloads\torbrowser-install-win64-11.0.4_en-US.exe
"C:\Users\Admin\Downloads\torbrowser-install-win64-11.0.4_en-US.exe"
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1324.0.764708670\404874306" -parentBuildID 20220602050101 -prefsHandle 980 -prefMapHandle 972 -prefsLen 1 -prefMapSize 239150 -appdir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 1324 gpu
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2628.0.804700907\1208409997" -parentBuildID 20220602050101 -prefsHandle 988 -prefMapHandle 980 -prefsLen 1 -prefMapSize 239150 -appdir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 2628 gpu
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1016.0.332937747\1819585627" -parentBuildID 20220602050101 -prefsHandle 996 -prefMapHandle 988 -prefsLen 1 -prefMapSize 239150 -appdir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 1016 gpu
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\New Text Document.txt
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="2460.0.1984617553\1928746415" -parentBuildID 20220602050101 -prefsHandle 1008 -prefMapHandle 992 -prefsLen 1 -prefMapSize 239150 -appdir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 2460 gpu
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="1668.0.429994733\205469630" -parentBuildID 20220602050101 -prefsHandle 976 -prefMapHandle 968 -prefsLen 1 -prefMapSize 239150 -appdir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - 1668 gpu
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| NL | 142.250.179.174:443 | clients2.google.com | tcp |
| NL | 142.250.179.173:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | edgedl.me.gvt1.com | udp |
| US | 34.104.35.123:80 | edgedl.me.gvt1.com | tcp |
| US | 8.8.8.8:53 | clients2.googleusercontent.com | udp |
| NL | 216.58.208.97:443 | clients2.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| NL | 142.250.179.142:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| NL | 142.250.179.131:443 | ssl.gstatic.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.4.4:443 | dns.google | tcp |
| NL | 172.217.168.206:443 | tcp | |
| NL | 172.217.168.206:443 | tcp | |
| NL | 172.217.168.206:443 | tcp | |
| NL | 172.217.168.206:443 | udp | |
| FI | 95.216.163.36:443 | www.torproject.org | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| FI | 95.216.163.36:443 | www.torproject.org | tcp |
| FI | 95.216.163.36:443 | www.torproject.org | tcp |
| FI | 95.216.163.36:443 | www.torproject.org | tcp |
| FI | 95.216.163.36:443 | www.torproject.org | tcp |
| FI | 95.216.163.36:443 | www.torproject.org | tcp |
| NL | 142.250.179.142:443 | apis.google.com | udp |
| NL | 142.251.39.110:443 | play.google.com | tcp |
| NL | 142.251.39.110:443 | udp | |
| DE | 116.202.120.166:443 | dist.torproject.org | tcp |
| NL | 216.58.208.97:443 | clients2.googleusercontent.com | udp |
| NL | 23.2.167.210:443 | tcp | |
| NL | 23.2.167.210:443 | tcp | |
| IE | 54.194.235.68:443 | tcp | |
| IE | 176.34.135.224:443 | tcp | |
| NL | 23.2.167.210:443 | tcp | |
| NL | 142.251.36.42:443 | tcp | |
| US | 45.57.69.154:443 | ipv4-c051-nyc005-ix.1.oca.nflxvideo.net | tcp |
| US | 45.57.69.154:443 | ipv4-c051-nyc005-ix.1.oca.nflxvideo.net | tcp |
| US | 45.57.68.152:443 | ipv4-c044-nyc005-ix.1.oca.nflxvideo.net | tcp |
| US | 45.57.68.152:443 | ipv4-c044-nyc005-ix.1.oca.nflxvideo.net | tcp |
| US | 45.57.63.202:443 | ipv4-c005-was001-dev-ix.1.oca.nflxvideo.net | tcp |
| US | 45.57.63.202:443 | ipv4-c005-was001-dev-ix.1.oca.nflxvideo.net | tcp |
| US | 45.57.62.181:443 | ipv4-c079-was001-ix.1.oca.nflxvideo.net | tcp |
| US | 45.57.62.181:443 | ipv4-c079-was001-ix.1.oca.nflxvideo.net | tcp |
| US | 45.57.45.73:443 | ipv4-c129-ord001-dev-ix.1.oca.nflxvideo.net | tcp |
| US | 45.57.45.73:443 | ipv4-c129-ord001-dev-ix.1.oca.nflxvideo.net | tcp |
| US | 45.57.69.154:443 | ipv4-c051-nyc005-ix.1.oca.nflxvideo.net | tcp |
| US | 45.57.69.154:443 | ipv4-c051-nyc005-ix.1.oca.nflxvideo.net | tcp |
| US | 45.57.68.152:443 | ipv4-c044-nyc005-ix.1.oca.nflxvideo.net | tcp |
| US | 45.57.63.202:443 | ipv4-c005-was001-dev-ix.1.oca.nflxvideo.net | tcp |
| US | 45.57.63.202:443 | ipv4-c005-was001-dev-ix.1.oca.nflxvideo.net | tcp |
| US | 45.57.68.152:443 | ipv4-c044-nyc005-ix.1.oca.nflxvideo.net | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| NL | 142.250.179.195:443 | update.googleapis.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 34.104.35.123:80 | edgedl.me.gvt1.com | tcp |
| NL | 216.58.214.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | tcp |
| US | 216.239.32.116:443 | udp | |
| US | 45.57.69.154:443 | ipv4-c051-nyc005-ix.1.oca.nflxvideo.net | tcp |
| US | 45.57.69.154:443 | ipv4-c051-nyc005-ix.1.oca.nflxvideo.net | tcp |
| US | 45.57.62.181:443 | ipv4-c079-was001-ix.1.oca.nflxvideo.net | tcp |
| US | 45.57.62.181:443 | ipv4-c079-was001-ix.1.oca.nflxvideo.net | tcp |
| US | 45.57.63.202:443 | ipv4-c005-was001-dev-ix.1.oca.nflxvideo.net | tcp |
| US | 45.57.45.73:443 | ipv4-c129-ord001-dev-ix.1.oca.nflxvideo.net | tcp |
| US | 45.57.63.202:443 | ipv4-c005-was001-dev-ix.1.oca.nflxvideo.net | tcp |
| US | 45.57.45.73:443 | ipv4-c129-ord001-dev-ix.1.oca.nflxvideo.net | tcp |
| IE | 54.194.235.68:443 | tcp | |
| IE | 54.194.235.68:443 | tcp | |
| US | 45.57.68.152:443 | ipv4-c044-nyc005-ix.1.oca.nflxvideo.net | tcp |
| US | 45.57.62.181:443 | ipv4-c079-was001-ix.1.oca.nflxvideo.net | tcp |
| US | 45.57.62.181:443 | ipv4-c079-was001-ix.1.oca.nflxvideo.net | tcp |
| US | 45.57.62.181:443 | tcp | |
| US | 45.57.45.73:443 | ipv4-c129-ord001-dev-ix.1.oca.nflxvideo.net | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 45.57.45.73:443 | ipv4-c129-ord001-dev-ix.1.oca.nflxvideo.net | tcp |
| NL | 142.250.179.206:443 | tcp | |
| US | 45.57.69.154:443 | ipv4-c051-nyc005-ix.1.oca.nflxvideo.net | tcp |
| US | 45.57.69.154:443 | ipv4-c051-nyc005-ix.1.oca.nflxvideo.net | tcp |
| US | 45.57.69.154:443 | ipv4-c051-nyc005-ix.1.oca.nflxvideo.net | tcp |
| US | 45.57.45.73:443 | ipv4-c129-ord001-dev-ix.1.oca.nflxvideo.net | tcp |
| US | 45.57.63.202:443 | ipv4-c005-was001-dev-ix.1.oca.nflxvideo.net | tcp |
| US | 45.57.62.181:443 | ipv4-c079-was001-ix.1.oca.nflxvideo.net | tcp |
| US | 45.57.68.152:443 | ipv4-c044-nyc005-ix.1.oca.nflxvideo.net | tcp |
| US | 45.57.62.181:443 | ipv4-c079-was001-ix.1.oca.nflxvideo.net | tcp |
| US | 45.57.45.73:443 | ipv4-c129-ord001-dev-ix.1.oca.nflxvideo.net | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| IE | 52.49.53.175:443 | tcp | |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| N/A | 127.0.0.1:49268 | tcp | |
| N/A | 127.0.0.1:49354 | tcp | |
| N/A | 127.0.0.1:49543 | tcp | |
| N/A | 127.0.0.1:49697 | tcp | |
| N/A | 127.0.0.1:49729 | tcp | |
| N/A | 127.0.0.1:49927 | tcp | |
| N/A | 127.0.0.1:50124 | tcp |
Files
memory/1604-53-0x000007FEFC321000-0x000007FEFC323000-memory.dmp
C:\Users\Admin\Desktop\GET_YOUR_FILES_BACK.txt
| MD5 | 0237b63f764204e00d7242cc4d908271 |
| SHA1 | 9d88e59463e2a963bea95d6a2cc5383e922f2f27 |
| SHA256 | 7bee0aff7241590f5bd35727a1a544a492b7533f1acba685611dd269078d1857 |
| SHA512 | 0daec31046c2704b30760f7aecc944f9591cdf22511e5e9276f3dbc376cc60b04853c3e25abca2e754aeaaaac49c264c7d89d418c832c8275fb5484d51a99b3e |
\??\pipe\crashpad_1180_CYBCJHTRKWRNGMGQ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\PIPE\srvsvc
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\Downloads\torbrowser-install-win64-11.0.4_en-US.exe
| MD5 | 975fc69d4bccc9b8abc0b3b0f5f277e1 |
| SHA1 | 5812e773c6cf4ffbe614fdbd21367c9dc61319ae |
| SHA256 | 745fd1720a71a62f47b2259ad8dc5393def2c881a668967c7a54ff0c5db2c67f |
| SHA512 | cdd387f32ace935d6d2cee369efc106becb6d581a10a0582c3a1631e1aa5d0b9303a66b89e8160691b95def0f291f458acd07274046f0b003a430b2db9846bcc |
\Users\Admin\Downloads\torbrowser-install-win64-11.0.4_en-US.exe
| MD5 | 975fc69d4bccc9b8abc0b3b0f5f277e1 |
| SHA1 | 5812e773c6cf4ffbe614fdbd21367c9dc61319ae |
| SHA256 | 745fd1720a71a62f47b2259ad8dc5393def2c881a668967c7a54ff0c5db2c67f |
| SHA512 | cdd387f32ace935d6d2cee369efc106becb6d581a10a0582c3a1631e1aa5d0b9303a66b89e8160691b95def0f291f458acd07274046f0b003a430b2db9846bcc |
\Users\Admin\Downloads\torbrowser-install-win64-11.0.4_en-US.exe
| MD5 | 975fc69d4bccc9b8abc0b3b0f5f277e1 |
| SHA1 | 5812e773c6cf4ffbe614fdbd21367c9dc61319ae |
| SHA256 | 745fd1720a71a62f47b2259ad8dc5393def2c881a668967c7a54ff0c5db2c67f |
| SHA512 | cdd387f32ace935d6d2cee369efc106becb6d581a10a0582c3a1631e1aa5d0b9303a66b89e8160691b95def0f291f458acd07274046f0b003a430b2db9846bcc |
\Users\Admin\Downloads\torbrowser-install-win64-11.0.4_en-US.exe
| MD5 | 975fc69d4bccc9b8abc0b3b0f5f277e1 |
| SHA1 | 5812e773c6cf4ffbe614fdbd21367c9dc61319ae |
| SHA256 | 745fd1720a71a62f47b2259ad8dc5393def2c881a668967c7a54ff0c5db2c67f |
| SHA512 | cdd387f32ace935d6d2cee369efc106becb6d581a10a0582c3a1631e1aa5d0b9303a66b89e8160691b95def0f291f458acd07274046f0b003a430b2db9846bcc |
memory/2316-69-0x00000000080B0000-0x00000000103DF000-memory.dmp
memory/1940-68-0x00000000035A0000-0x000000000B8CF000-memory.dmp
memory/1324-158-0x0000000003620000-0x000000000B94F000-memory.dmp
memory/2960-175-0x0000000002900000-0x000000000AC2F000-memory.dmp
memory/2628-313-0x0000000003370000-0x000000000B69F000-memory.dmp
memory/1084-356-0x00000000032D0000-0x000000000B5FF000-memory.dmp
memory/1064-367-0x00000000029D0000-0x000000000ACFF000-memory.dmp
memory/1016-521-0x00000000033E0000-0x000000000B70F000-memory.dmp
memory/2876-547-0x0000000002A00000-0x000000000AD2F000-memory.dmp
memory/2460-715-0x0000000003280000-0x000000000B5AF000-memory.dmp
memory/2336-755-0x0000000002A30000-0x000000000AD5F000-memory.dmp
memory/1668-917-0x0000000003300000-0x000000000B62F000-memory.dmp