Analysis Overview
SHA256
b65b65c3ccf923af7be7db31b3919120e47849cc3e870afdac1bc555fc25b200
Threat Level: Known bad
The file LockBit3.0.exe was found to be: Known bad.
Malicious Activity Summary
Rule to detect Lockbit 3.0 ransomware Windows payload
Lockbit
Lockbit family
Renames multiple (402) files with added filename extension
Downloads MZ/PE file
Loads dropped DLL
Checks computer location settings
Deletes itself
Reads user/profile data of web browsers
Executes dropped EXE
Checks whether UAC is enabled
Drops desktop.ini file(s)
Sets desktop wallpaper using registry
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in System32 directory
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: AddClipboardFormatListener
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Uses Task Scheduler COM API
Opens file in notepad (likely ransom note)
Modifies Control Panel
Checks processor information in registry
Suspicious behavior: RenamesItself
NTFS ADS
Modifies data under HKEY_USERS
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-25 19:42
Signatures
Lockbit family
Rule to detect Lockbit 3.0 ransomware Windows payload
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-25 19:42
Reported
2024-02-25 19:47
Platform
win10-20240221-en
Max time kernel
299s
Max time network
300s
Command Line
Signatures
Lockbit
Renames multiple (402) files with added filename extension
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.10.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\ProgramData\7F04.tmp | N/A |
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\$Recycle.Bin\S-1-5-21-2852630833-2010812756-3750823755-1000\desktop.ini | C:\Users\Admin\AppData\Local\Temp\LockBit3.0.exe | N/A |
| File opened for modification | F:\$RECYCLE.BIN\S-1-5-21-2852630833-2010812756-3750823755-1000\desktop.ini | C:\Users\Admin\AppData\Local\Temp\LockBit3.0.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\spool\PRINTERS\PPkbh1x0r4wv3smudkwghbc0y8d.TMP | C:\Windows\system32\printfilterpipelinesvc.exe | N/A |
| File created | C:\Windows\system32\spool\PRINTERS\PPwanhzmdf0sjj0ih5hctpoqrmb.TMP | C:\Windows\system32\printfilterpipelinesvc.exe | N/A |
| File created | C:\Windows\system32\spool\PRINTERS\00002.SPL | C:\Windows\splwow64.exe | N/A |
| File created | C:\Windows\system32\spool\PRINTERS\PP77og9a4g8seafhcjm77jr6cad.TMP | C:\Windows\system32\printfilterpipelinesvc.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000\Control Panel\Desktop\WallPaper = "C:\\ProgramData\\kw33XQBp8.bmp" | C:\Users\Admin\AppData\Local\Temp\LockBit3.0.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000\Control Panel\Desktop\Wallpaper = "C:\\ProgramData\\kw33XQBp8.bmp" | C:\Users\Admin\AppData\Local\Temp\LockBit3.0.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\LockBit3.0.exe | N/A |
| N/A | N/A | C:\ProgramData\7F04.tmp | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Debug\ESE.TXT | C:\Windows\system32\svchost.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Control Panel
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000\Control Panel\Desktop\WallpaperStyle = "10" | C:\Users\Admin\AppData\Local\Temp\LockBit3.0.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000\Control Panel\Desktop | C:\Users\Admin\AppData\Local\Temp\LockBit3.0.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133533638390048125" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.kw33XQBp8 | C:\Users\Admin\AppData\Local\Temp\LockBit3.0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.kw33XQBp8\ = "kw33XQBp8" | C:\Users\Admin\AppData\Local\Temp\LockBit3.0.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\kw33XQBp8\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\LockBit3.0.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\kw33XQBp8 | C:\Users\Admin\AppData\Local\Temp\LockBit3.0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\kw33XQBp8\DefaultIcon\ = "C:\\ProgramData\\kw33XQBp8.ico" | C:\Users\Admin\AppData\Local\Temp\LockBit3.0.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance | C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.10.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.10.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: RenamesItself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\ProgramData\7F04.tmp | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\LockBit3.0.exe
"C:\Users\Admin\AppData\Local\Temp\LockBit3.0.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k appmodel -s tiledatamodelsvc
C:\Windows\splwow64.exe
C:\Windows\splwow64.exe 12288
C:\Windows\system32\printfilterpipelinesvc.exe
C:\Windows\system32\printfilterpipelinesvc.exe -Embedding
C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
/insertdoc "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\{5365BEDD-FEB7-45C2-A94A-ADD80FE7EB6F}.xps" 133533637806520000
C:\ProgramData\7F04.tmp
"C:\ProgramData\7F04.tmp"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\7F04.tmp >> NUL
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\kw33XQBp8.README.txt
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.10.exe
"C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.10.exe"
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
Network
Files
memory/3504-0-0x0000000002910000-0x0000000002920000-memory.dmp
memory/3504-1-0x0000000002910000-0x0000000002920000-memory.dmp
memory/3504-2-0x0000000002910000-0x0000000002920000-memory.dmp
C:\$Recycle.Bin\S-1-5-21-2852630833-2010812756-3750823755-1000\YYYYYYYYYYY
| MD5 | 0508c3b0d91e20fb700d336bae38f422 |
| SHA1 | 414e28b9c12182f3076a19f5486434048a7c9940 |
| SHA256 | 9ab852c2f0d8cad377bf413ffc79bad525e0df50bc32410f0950c7befaa498a3 |
| SHA512 | 35db02919dc3b81fb2c599715624f65049c5558f784cd322cc08c36b4fb307ebfcbb50f3095c8a8f28c3d0382daf15ec492ba2736362bf804fcaf4017187c8cd |
F:\$RECYCLE.BIN\S-1-5-21-2852630833-2010812756-3750823755-1000\DDDDDDDDDDD
| MD5 | 375d6a2323b3c92024dfaa3fa0b58617 |
| SHA1 | 0b4ee95423052f79599918f8e23128b261564d6c |
| SHA256 | 61b2226743e04c9d2ba5745f00815ad59edacb78d4532a36a2b92830af5a18b6 |
| SHA512 | 273ef342903e1bd96f060e8b8d88a1c32f49095ef05a2b61ffd362552d35d656a3934093920797916bb2da56190bc94a6cc2b91f371827d8e01c7e29886a7bf8 |
C:\kw33XQBp8.README.txt
| MD5 | cca1d7711f5d94c79cba034b2a5751f8 |
| SHA1 | cb488d5903d1f0e08522b211b083b807efecc56e |
| SHA256 | f11a12edc48137b36b7f4b0d04a4aca156e3090270102705893cfc6d3dde91e6 |
| SHA512 | 8262d55a8e9514eba815dcbbfb7e388bb1fed03a4ea6dab6b1c9ee2f3ed327758b53d7973c0ae334355419b0aecbe78ae6028b666be2bc3174d4cf09be40eadc |
memory/3880-2531-0x0000021063BB0000-0x0000021063BC0000-memory.dmp
memory/3880-2538-0x00000210642F0000-0x00000210642F1000-memory.dmp
memory/3880-2540-0x00000210688D0000-0x00000210688D1000-memory.dmp
memory/3880-2542-0x0000021068A10000-0x0000021068A11000-memory.dmp
memory/3880-2543-0x0000021068A20000-0x0000021068A21000-memory.dmp
C:\ProgramData\7F04.tmp
| MD5 | 294e9f64cb1642dd89229fff0592856b |
| SHA1 | 97b148c27f3da29ba7b18d6aee8a0db9102f47c9 |
| SHA256 | 917e115cc403e29b4388e0d175cbfac3e7e40ca1742299fbdb353847db2de7c2 |
| SHA512 | b87d531890bf1577b9b4af41dddb2cdbbfa164cf197bd5987df3a3075983645a3acba443e289b7bfd338422978a104f55298fbfe346872de0895bde44adc89cf |
memory/4364-2559-0x000000007FEA0000-0x000000007FEA1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\DDDDDDDDDDDDDD
| MD5 | e4b857b3925713da2e6b54808b20b4ae |
| SHA1 | 6065c1d57eab3ee728f88152ce12a1220367facd |
| SHA256 | d83eb5fc9949df3b43098910cb47585ad19ab7baa93c8708ee4cfaa43e88d04b |
| SHA512 | c1b216adae6fcb5dc9036cc7a5b025ebc2d2c75784eb4fbf55ea4b355c8b282935b9e9aef4962448baaeef56132dad661c8a38ca085dd5a0a1273b453dfa9340 |
memory/4364-2583-0x0000000000570000-0x0000000000580000-memory.dmp
memory/192-2589-0x00007FF96E4E0000-0x00007FF96E4F0000-memory.dmp
memory/4364-2590-0x0000000000570000-0x0000000000580000-memory.dmp
memory/4364-2591-0x000000007FE80000-0x000000007FE81000-memory.dmp
memory/192-2593-0x00007FF96E4E0000-0x00007FF96E4F0000-memory.dmp
memory/192-2594-0x00007FF96E4E0000-0x00007FF96E4F0000-memory.dmp
memory/4364-2592-0x000000007FE20000-0x000000007FE21000-memory.dmp
memory/192-2595-0x00007FF9AE450000-0x00007FF9AE62B000-memory.dmp
memory/192-2596-0x00007FF96E4E0000-0x00007FF96E4F0000-memory.dmp
memory/192-2597-0x00007FF9AE450000-0x00007FF9AE62B000-memory.dmp
memory/192-2598-0x00007FF9AE450000-0x00007FF9AE62B000-memory.dmp
memory/192-2599-0x00007FF9AE450000-0x00007FF9AE62B000-memory.dmp
memory/192-2601-0x00007FF9AE450000-0x00007FF9AE62B000-memory.dmp
memory/192-2603-0x00007FF9AE450000-0x00007FF9AE62B000-memory.dmp
memory/192-2604-0x00007FF9AE450000-0x00007FF9AE62B000-memory.dmp
memory/192-2605-0x00007FF9AE450000-0x00007FF9AE62B000-memory.dmp
memory/192-2606-0x00007FF9AE450000-0x00007FF9AE62B000-memory.dmp
memory/192-2608-0x00007FF9AE290000-0x00007FF9AE33E000-memory.dmp
memory/192-2607-0x00007FF96ADA0000-0x00007FF96ADB0000-memory.dmp
memory/192-2609-0x00007FF9AE450000-0x00007FF9AE62B000-memory.dmp
memory/192-2611-0x00007FF96ADA0000-0x00007FF96ADB0000-memory.dmp
memory/192-2610-0x00007FF9AE450000-0x00007FF9AE62B000-memory.dmp
memory/192-2612-0x00007FF9AE450000-0x00007FF9AE62B000-memory.dmp
memory/192-2613-0x00007FF9AE450000-0x00007FF9AE62B000-memory.dmp
memory/192-2615-0x00007FF9AE450000-0x00007FF9AE62B000-memory.dmp
memory/192-2617-0x00007FF9AE290000-0x00007FF9AE33E000-memory.dmp
memory/192-2618-0x00007FF9AE450000-0x00007FF9AE62B000-memory.dmp
memory/192-2620-0x00007FF9AE450000-0x00007FF9AE62B000-memory.dmp
memory/192-2622-0x00007FF9AE450000-0x00007FF9AE62B000-memory.dmp
memory/192-2624-0x00007FF9AE450000-0x00007FF9AE62B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\{EC94FF78-C089-4C07-99B8-EC8FF9504467}
| MD5 | 5246746493ed1d6a9fc3cadfe30639f6 |
| SHA1 | 12be6fc78d403cfeec51a1c45ae36f9c4b70d3e6 |
| SHA256 | 77ccba4160b3073f468205343d0f2238959d8049c4ac3e0aa6a0bb43068cbf9b |
| SHA512 | 39ae5e85a4c2b3438af1d7efa11ccd2b93aa02f74f7d620c430ec16af19eb89d0529ad25b727f748bbcd4b6a1b738f8f36d7fe546c123011f0b9f479007a1fcf |
C:\Users\Admin\Documents\OneNote Notebooks\My Notebook\Open Notebook.onetoc2
| MD5 | f56f4467607acbae8aeea222bb555835 |
| SHA1 | 320c321a5bef2f6b7e8c0a47f805268ef7a46fef |
| SHA256 | 58ca0137e52265a273b00d4fe245d5c6c8db7fe1369f19d32c4c37a7cecbb489 |
| SHA512 | 880a41fdc7bd25f31803cd3e9b2de38867d3bf28facc852407b952e4c71091d57506ca0407e2be623a792b7fce91db648ba31e9de035d5d6c7d11cecf2c86a93 |
memory/192-3081-0x00007FF96E4E0000-0x00007FF96E4F0000-memory.dmp
memory/192-3082-0x00007FF96E4E0000-0x00007FF96E4F0000-memory.dmp
memory/192-3083-0x00007FF96E4E0000-0x00007FF96E4F0000-memory.dmp
memory/192-3084-0x00007FF96E4E0000-0x00007FF96E4F0000-memory.dmp
memory/192-3085-0x00007FF9AE290000-0x00007FF9AE33E000-memory.dmp
memory/192-3086-0x00007FF9AE450000-0x00007FF9AE62B000-memory.dmp
\??\pipe\crashpad_5024_GEJTFNGOGNRRUFBC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico
| MD5 | ef36a84ad2bc23f79d171c604b56de29 |
| SHA1 | 38d6569cd30d096140e752db5d98d53cf304a8fc |
| SHA256 | e9eecf02f444877e789d64c2290d6922bd42e2f2fe9c91a1381959acd3292831 |
| SHA512 | dbb28281f8fa86d9084a0c3b3cdb6007c68aa038d8c28fe9b69ac0c1be6dc2141ca1b2d6a444821e25ace8e92fb35c37c89f8bce5fee33d6937e48b2759fa8be |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-65D5C38B-127C.pma.kw33XQBp8
| MD5 | 4597bf6c66d3e0b83f92736082ad1421 |
| SHA1 | cc62afb5ced721473f7656b371ddf298b478b8c4 |
| SHA256 | b9dbb043314bc057b65c580403192aa6babb9cf8008baacc3144f2c664ce93e7 |
| SHA512 | 41fa1543625daa3508a769a08b1746b79eaa21c5ef61f20974bf81f4a79e7c0ca2299069406527172c4af33bcc87770cf0cec9151ea53f60aae68249fda4bf0f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State~RFe586c03.TMP
| MD5 | d7da2503210502969a68817051834a27 |
| SHA1 | affff1fab7706c3f8a6b0e06f38752416b693da2 |
| SHA256 | 8d3c70ee161a76a7d617574506a7100faae52568358ea63082749f1907268bcd |
| SHA512 | 352de6bc802ee0061faa9a4054a733d40171f0bc5971ec2338e7ab23bcde5801d5fcfed9eef58c95cf11abec700714da6f0ab346346d47f0da75ff61c3efd08f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 73689a2874558814e9962e1b20d20c5b |
| SHA1 | 85057b2bc4e1cde72ed014d7c09cf1abf00412c1 |
| SHA256 | b492a17b6ff6eb126b2e34f591bcfe6ea4e26ed37e6282af9f0e5826690e2087 |
| SHA512 | c640e20cb546e4b3224925939ead85efd2271889d718c8f87a156a705e2dfca68aca8c9eb74c996f38ed7aa588d91d09889a7ef35ce39031e1c3bed6e23324a0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2d88e43a6d819a7910938257f1b1e81c |
| SHA1 | 6bdc2d0789b6e01ba3d0aee32926a265e837fe27 |
| SHA256 | 5e5684fd69328bb1bfd2a29861b930d2d0f3e5297bf8439c079aa222155a6d26 |
| SHA512 | e74619fa7fcdc2d1451f58abd7b89296adc8ce23b3a28d8682a91805b16afb9e9cd92ba8056fbadfa2c74d72348d25b7f359065297881477122bf0bca10ad687 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 5175daccb519a918d50dbbb99e95728b |
| SHA1 | 78f51b14dfc23ee174762af200e2e0b56f26f493 |
| SHA256 | 6f3c309a6285c4a42113e4aabdf2af7705f7fd58d181f7a120411e09909c64da |
| SHA512 | 8f8f288abf17fd50b3fa49707eaa234f8bccb565d09cc11e4a333486eb6c7e7a937b90bfcb959879639b15cbbe530a60efc6e64c21b994336f99e66329cc8f9b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4b169f2bee2f56177e0a4e6dc63f233d |
| SHA1 | 880b22a7316d5cbbc6c5ce756c2a1f874cbb4ed0 |
| SHA256 | 2143136681968c06b36ecf9680c137e4e6c3b33b7ecc3529784b9ab1f6082691 |
| SHA512 | 45fa807df0e70048d36a410e0286d3124ff14c313365e1bdf902793215d617cd129f189f6f00159ffbeeac32c2a2692e07c4cc35c1b344f526ce99b8fd0be179 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\09c5ffdb-f550-47d9-9c9b-70d549e7940b.tmp
| MD5 | 43d6a36d4b0594e1e83894008ece46ba |
| SHA1 | 87da944d807ba9318be6934325f258f148ad98a7 |
| SHA256 | ba25198b2800ae653229a6ba2200247abfcbd93be1df288b58526e58f7ddda5c |
| SHA512 | 4da05881c11cbdfe9733aca69f9dbfec13a57101f0b28104d7f8ef8ad6b76b9316cf64772ca12bb0f668a31238808c85454c190cea5ed6c9a159f91d19ea2f7b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 28f35ac11db610136f0095daa6b9ebbe |
| SHA1 | 4dd86b15cce8043d4b354cad7efc83521a477dab |
| SHA256 | 6562358b142a9f8e6022288c75e941df714f776bcc7713ad95f2a2bc42f4af9c |
| SHA512 | 3f645cd087e6452f9e2e492505d836467027666b90145ce080db0a3e9080bbaf222f258e88464cb071ab4e6ce48c5521e15eb23812396dc37741108f8c59b367 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
| MD5 | a1caad46781fbb0d96e873db8d1f066a |
| SHA1 | d137c458a212badf24d042a91e3c6830a5ddbd81 |
| SHA256 | a89a9b1078eb1002b4841fd5ccb0d1397cc349b60442228334a90b311e432f3e |
| SHA512 | 5b3e63517cd7850e891acf5806764b7e7abef225d4f1823a8055bf4bce586064fb8803be670fad5edbdb2c4c9d44233e61398eb029fde772f28068c0991c8fb2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | e584c2c014d3c81f88df98ab48c0cb47 |
| SHA1 | 5ba9e330659146db5da4859ab84b92efd5f8d250 |
| SHA256 | 8b1de2b8f3f13f09507576f2f7807c9fde5ebea0e7d4493491c4befa8981d8cc |
| SHA512 | ac2a9217558c10ffd3e1307e3ebaa28442892df883c8614d9067f9f4bd67459660af3ffadf77c98ad96ab6d97135a3fb186017d1aa59fd307fd9a80e836cf55c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | cee395f0aec31db59c625ccd09dc7593 |
| SHA1 | 9229691c43ae1fbbb56a98cba358fb1298c27001 |
| SHA256 | ac9a003babf520cf8f36366294c042a39abff6a8a95e7e15f87edd30ee246a24 |
| SHA512 | 0a4aefcb8fe93f290548334565349509591d9f434a6843aefd10d91e37865609da099b6bacb426690c1d83998b9ec6001e4a2dd11891ec39cc83b91203e3f713 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 43758766d8cf6bdebd6aba2c7eb04427 |
| SHA1 | 9e4c7f060541c2ebe210d55bb398404bba870483 |
| SHA256 | 2e0f5aad0658ec34cb3bc708d26b713640db20f9d1e8121ef594e0a84421dffa |
| SHA512 | 2c79b31c24870e0b5edfb9b41a2fe24db811f45a2cd8bbd84a964fd92e38e1ef5b322b1ceaf03ff3044f0d0176c6ecde9a5db8a7baca434c2f0412beb46fe1a9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | ab9bd9e6cccb66419f08e47a28bd5b2f |
| SHA1 | 757b9f0e7ae5cc36c1b2b497861daefec378a6d1 |
| SHA256 | 463efd55a13390ad9242863293f2c3db308c41126c226d06db950b1458e12f95 |
| SHA512 | 8ff459b7a876c5d01a29908283dc094d97fdb55fe352ce75bb435c21323767040dfa6763de84d1fce001b3e3150ea7bbc5b3aa80da81d71e651dad8c95a5ee1d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8cobeb0t.default-release\prefs.js
| MD5 | c44baa94f735b7100b3e5dc9a168e510 |
| SHA1 | 810f469332096af20eb1ca99d180c92374410e45 |
| SHA256 | 6687078160d544ad894647ec6e25e9676b1ab4b2da8573c1386c1e895bfa1f07 |
| SHA512 | ddf418bc3fe7e322e9fa18fecd4e7668170156ece979cd7b05280772257cb7b2e2dd909ca67524417420b42e7fff17de8946c29605c8995818613d263232b55e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8cobeb0t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 40f930bdbe9397b4c4810de71b84f3d4 |
| SHA1 | 1d05d4b6917a2c39459f25691cd71552f0b94216 |
| SHA256 | 7aee6b0338292f38072794ce8dd75b02a2642ddeecd997bd4b6458e81f93f071 |
| SHA512 | 210ddf9806bcfcd3a3eec8cf0788717a307af11b3821a4e49105fd06838dc4b662ee5326cce4e946409f3feab73ce132862495882ceb99c4cdf82527664c2a34 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8cobeb0t.default-release\datareporting\glean\pending_pings\61f9a875-3ad0-45fd-98ec-87fed82dce71
| MD5 | f0cdccf1389eb58a1c3a2378f21fa55e |
| SHA1 | adca040629011a81b8c672f644776a2e1edf26ec |
| SHA256 | 3127492ab2a133b951051e833c695d4c46418a2c58faf8c12942c241309cd83d |
| SHA512 | 170160481b7408cb58fef56f6167039e0882119d12a301f33ceca1476af9c3d03dda42d4c9e34ef9779fdbcfa3c7de70e49a751b4a963d46e591cd5247901df7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8cobeb0t.default-release\datareporting\glean\pending_pings\eb180325-8146-4da4-9d56-09c721d5466f
| MD5 | c7fcdf175a350d0728dc18d996c7c10f |
| SHA1 | 261c1e462567b5dfbe842c0c5efbb1721c00c4d0 |
| SHA256 | 3d7540baa188833fb8e91496c9d331dc6376740814f7e34046fe0d64e1f2ab02 |
| SHA512 | b0ee566041c08610b181bafff4e12ff76ec981141ce7de2eaba86bfb18e2b93491a170aba2e7acc1f1e7d6ba0f48b9697699eacdd4ef34a6b32ad1f4b4202e47 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8cobeb0t.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 2423fcd540b54c5720ec326a1739f184 |
| SHA1 | 7c49d5151cb3298dc70a38653185353df0dbd4cb |
| SHA256 | 34553c46bc6017f1e884e5c146aa1011b634247302512b6dd93306e6ba1a8f86 |
| SHA512 | 2aea122d67edb4275f5f897c541eee40273551f3d597e4a579c43b5c703b1bfecef91128dd59d8632d557ee415eaefb7755dc1c53d4218afaab15c2605cc2942 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8cobeb0t.default-release\prefs.js
| MD5 | 643072bb879eeaabde3a92c5c36c9cc9 |
| SHA1 | 3c0952bcc49c8fbfce948d43a551bb421a94b00b |
| SHA256 | 1ca914e829b084a59eb4bdc531f6fe38b8cb8e54c1c1de8064e3022744e6baca |
| SHA512 | 0a50a59b85048a52f0e26f209bf4fa92ecd93219bd91e26807c3e3d0e604dd500577043071c323cd77418579ef50b2173f94010aca40367def1335823fd24d63 |
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\update-config.json
| MD5 | 7d1d7e1db5d8d862de24415d9ec9aca4 |
| SHA1 | f4cdc5511c299005e775dc602e611b9c67a97c78 |
| SHA256 | ffad3b0fb11fc38ea243bf3f73e27a6034860709b39bf251ef3eca53d4c3afda |
| SHA512 | 1688c6725a3607c7b80dfcd6a8bea787f31c21e3368b31cb84635b727675f426b969899a378bd960bd3f27866023163b5460e7c681ae1fcb62f7829b03456477 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8cobeb0t.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 7736eec507f6d186c5b62c3f5e4e0a6b |
| SHA1 | 57074fd14690b99b1f141206f253b62582edbe30 |
| SHA256 | abd6d1c161145f2639f3db11019f22c44109ae32525670ee4f7de5a02954f850 |
| SHA512 | e29b93b4a140ce1ba415f76ff241eda9d09d55aa78425ca928b98c91286c385a5a75d8099da2f2e63efe41e0f02d119f67a4c1febb10b4b3fcdf22000e7f35b3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8cobeb0t.default-release\extensions.json.tmp
| MD5 | a378766cf9391bf64e2c11abf929c8f2 |
| SHA1 | 469598a4070c8b871e7e393c4f3e9dc787a8387e |
| SHA256 | e1e83de8e41619a9c0ee7805330927c50edc12eaaa60aa108904443f342f23c2 |
| SHA512 | c0352064e1495800733e66b08d12f275690b4f75b68c0ab8c4334e98a4f212d89dd00653929efadc29be966010e7971c74fde259a2be6e36b9e36225f1717ea7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8cobeb0t.default-release\search.json.mozlz4
| MD5 | 41d220d4783f67d2b57beec20c135229 |
| SHA1 | 6e97765e77920b6010fac2cb4abf1e3cea106541 |
| SHA256 | 5d1881e74d76b95bad59439bb5c7676258a4ae6b6d853074e93b5247cf1715dc |
| SHA512 | dc30ddc4c8cfe598de5e24bc88cebbe4256fbb21a0b1db6c2ec15311053e7d8be6a93a0bcfcfd8a02543f8b9cf9b15a5840154b272a2df71d59d7dfd80984ac0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8cobeb0t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | a4485540802d0e087259e34f2bf58285 |
| SHA1 | db6778fbb6e2fdd0fab1ef7e20f408633633224e |
| SHA256 | b0c260c0be284a5ff29e865cbe115109d7b40539e6f622d30484fbd4e4e17e56 |
| SHA512 | 8766ac682dc7af304d3c4c99c5ffcb06d4f622e0defb2d42767b44bf521b10add99187d0d551e455a830cb777dd7652afee1b665e857bef0030ed4a54d116ac9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8cobeb0t.default-release\prefs.js
| MD5 | 3d3ab8df9e5d538049b6d15bd318e2c9 |
| SHA1 | a6357b594fbf3c59a3aa2f72d9da1dee046a43f7 |
| SHA256 | 9a53b01e3768cae8f8fe45bff3a5f6006229e6c549890f62441399a8a1dfcc1a |
| SHA512 | a53d114d2ae02a75cba07079a6616f2eb9f2357c0f1cacffb989e886f39bc87dc85048129eb2902cc82301329da4b0b1b1ffb29eee5f158b002cb3c4bc610811 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8cobeb0t.default-release\prefs-1.js
| MD5 | 3904dd57a07beecc4dec84d8c7eb2ab9 |
| SHA1 | 4ca004421b3050c2962f2a4137e605ed94688932 |
| SHA256 | 2d205893712b8d920e272582524bdd151edf7368902ec055b2f44f57b36e6833 |
| SHA512 | 90fb9972ac4408428437ecfb40c5f374f5fd7233dca043a4fbd0a553d9237f41cbbf7ddc6841432c50995cbe86b7093fefa62d115cafa63c4b317c5f6a329cc0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8cobeb0t.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 88c985062201446de8c1a7a834dec32b |
| SHA1 | 9c36f5f01d2b674e78aa8ac08997a7ca56202ab1 |
| SHA256 | 9b3f5ca7265f66e586359f0839d3cba18b32ee3237d5c533462d91b7c4eab89a |
| SHA512 | 739e62b73543d71960627a23ffcd295cdafd6ae5e23fe8c0f91b1880533a4355553532abb0f35b783a6221640f4f8a9ae06e30e71b1df525310e2e9d4ceccc3e |
C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.Kk-Zo1lB.0.10.exe.part
| MD5 | bfa3546cec9c2805af7bdde6affb1a71 |
| SHA1 | 8851566a5e6214bbc8d9d3b42b252c6b2470b1b1 |
| SHA256 | 0dce66a77afd90a7fc3f3a986037974d42cb1d1d21f6691b93780a3ce3f03f15 |
| SHA512 | 2a85fedb66246bf4656a34a2e842acd8eb4520a3fd2d7be5d79666b5feef15c85278f0ff8fd9d1a4d819544b5754cb935b97b46bada6a5cda1f9e03111cdc884 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8cobeb0t.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | a972e1ef4e13235a660791fb9464b3aa |
| SHA1 | 841294d2bfcec33a92adf5e9fe7db663aa130c7c |
| SHA256 | bb5e9297fc048084fbe310d480930efeaa5875ab2683b872940387074637bdbe |
| SHA512 | fd3abc871b2e315bd21bac851bd3c7a9895d1e90df869577ad898809b23f3ae280146e1b1385b7273c8e9f952c83c28d636ed7f893e02edf509ce935c9f71760 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8cobeb0t.default-release\thumbnails\4df9a70f81e0e8003c3f711f536866ef.png
| MD5 | bdd22b3ea0ea7b2d8c5f276a2b3795a8 |
| SHA1 | 032325350310e62515b2f27d7df79f4a8bb19fda |
| SHA256 | ad48adfe44a33a09087d6fed96970a84bdd24e02fb3f5b42db54639598e06680 |
| SHA512 | aac0648df1a59bd96a20ceb117dcb86dd7d22f52f2190ce1fa3ede65c60b8d8a7cd30cfe119f0ef2c706ba8cfe3850ffe3e895a68b128604ed0c2d751a1cf5e2 |
C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.10.exe
| MD5 | b3b7d6e57d06fa277de0f2d749f5b136 |
| SHA1 | c64f512a6808a8c2e7b9f4ac965a0c8b186ea237 |
| SHA256 | f719a1fafcff313bdde289247b1dc7238272661c4bdb50243aa2a3ee6539498a |
| SHA512 | bfc30bec7cc6bbcba852f4ddc84a858d191fe2e60527eecd08b970558a3b2040e64de6df65de19d18d14b82ed57f2dd0eb76e983759f7ef7ba365a9a5b969c45 |
C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.10.exe
| MD5 | e3027fe4470593ea9310688b1cea21a0 |
| SHA1 | 12d9c7661a91f3510638af5bd1c14443aa2ceff1 |
| SHA256 | 28cce7070325f5f10d193e871696040b15b2556d30455c2ccb0ec470fc99e202 |
| SHA512 | 7310960cfe05823c8390f45c84194aa0d47129486ed12d1e8427adf5a6132e5fe2de4bcd45c7590796cb70268ec9855856499348b7259991ffc3140dc87a6a69 |
\Users\Admin\AppData\Local\Temp\nsl1CB3.tmp\System.dll
| MD5 | 480304643eee06e32bfc0ff7e922c5b2 |
| SHA1 | 383c23b3aba0450416b9fe60e77663ee96bb8359 |
| SHA256 | f2bb03ddaeb75b17a006bc7fc652730d09a88d62861c2681a14ab2a21ef597ce |
| SHA512 | 125c8d2ccbfd5e123ce680b689ac7a2452f2d14c5bfbb48385d64e24b28b6de97b53916c383945f2ff8d4528fef115fbb0b45a43ffa4579199e16d1004cf1642 |
\Users\Admin\AppData\Local\Temp\nsl1CB3.tmp\LangDLL.dll
| MD5 | 59888d7d17f0100e5cffe2aca0b3dfaf |
| SHA1 | 8563187a53d22f33b90260819624943204924fdc |
| SHA256 | f9075791123be825d521525377f340b0f811e55dcec00d0e8d0347f14733f8a3 |
| SHA512 | d4ca43a00c689fa3204ce859fdd56cf47f92c10ba5cfa93bb987908a072364685b757c85febc11f8b3f869f413b07c6fcc8c3a3c81c9b5de3fba30d35495ff23 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8cobeb0t.default-release\prefs-1.js
| MD5 | 0f3ee028d8346b074488fb27fe1c429a |
| SHA1 | 16d816426d1a72e0fca1343bb47a938db46dc9a6 |
| SHA256 | 82453a3569fcbfaa354d043327a3a7e01fbb1c028d1da570492b28e2f6da4f76 |
| SHA512 | 5cb6a01edc240a84d0cba0ae408c39ae092908dd5af0639d4c2fcd1d52993f977ca8997633ac62b8bf802f92d8680f897359f830c72b1aa2fe04820cd00d0389 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8cobeb0t.default-release\sessionstore.jsonlz4
| MD5 | 1fbd3dd3a2ab033ab6c91d41d0fbef12 |
| SHA1 | 9d2245c1a5fc32a4734bf5d6628ca7a16652b870 |
| SHA256 | 1fff358139ab90c87feb3197acb55e856391250b2d9a264ac6ca08bf29f68002 |
| SHA512 | db94d83a6204aa8d0f6d5eb19090af17e4edb31e5a5e6454100250d0e841d2e70b58974d8738c35d89da2210d2db59e30ec1d40a050487c73dd42a88496fe1a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8cobeb0t.default-release\sessionCheckpoints.json.tmp
| MD5 | 6b77a9f779399e95d1cee931a2c8f8ff |
| SHA1 | 826efd4feb0d50fcce5696111af7c811b81adcd9 |
| SHA256 | 3a0285c8233ef0324b269f7291094e19fd9b77259f9419861ad796f7e9c979f3 |
| SHA512 | ef537c75fab8e86483ac03cc0d2feaf41575e35f54b95669a26bf6dfbf58021dc9a5bbe54d9537b55da3fbb0e0262adf6c5efd4394faaec81a31604533afec4f |
memory/4364-3920-0x0000000140000000-0x0000000140070000-memory.dmp
memory/4364-3921-0x00007FF9A6040000-0x00007FF9A604F000-memory.dmp
memory/4364-3975-0x0000000140000000-0x0000000140070000-memory.dmp
\Users\Admin\AppData\Local\Temp\nsl1CB3.tmp\nsDialogs.dll
| MD5 | 990eb444cf524aa6e436295d5fc1d671 |
| SHA1 | ae599a54c0d3d57a2f8443ad7fc14a28fe26cac3 |
| SHA256 | 46b59010064c703fbaf22b0dbafadb5bd82ab5399f8b4badcc9eeda9329dbab8 |
| SHA512 | d1e4eb477c90803ddf07d75f5d94c2dacfdcd3e786a74ea7c521401e116abf036d9399e467d2d12bd1a7c1abda2f1d6d15b40c8039fd6ec79ba5fe4119674c27 |
memory/4364-4115-0x0000000140000000-0x0000000140070000-memory.dmp
memory/4364-4117-0x00007FF9A7820000-0x00007FF9A782D000-memory.dmp
C:\Users\Admin\Desktop\Tor Browser\Start Tor Browser.lnk
| MD5 | 2efc676f080cfb58a0c1bd77aec87c1e |
| SHA1 | 2dd8df6218d76a56bf6d8874a92233de978f7873 |
| SHA256 | 4991c43d42e142b366fee562a5bbdb14fa002e69a579eb490924d57b979a0fc7 |
| SHA512 | 3c8306b704c7cb0349b6ad31ea0b0577d3aab3afae24471fcefe857fe0977e90e6862717cd8b393564f40f4f054acd685bb4f40df4c9d960ae9c30d9efcc122c |
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
| MD5 | 15ff36f3e045f98652c3909d99de57ab |
| SHA1 | 1df6b4e970451227269e09be8c67067bc8a6d7db |
| SHA256 | d5a7aec0caef36f3e1726b7e91bad676e227ecd1aa6750ad4aef34c9411985ac |
| SHA512 | 2081aa0459ba3ea01123b5d3f760fa3198e677c914aa9c648716e667d21338e63a918c065f11c2a10b8c3adb273693825b3b878207bcf39c68c6e7de909eaf2c |
\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll
| MD5 | 4d0887daeff8ab3105e737d8aa3ea8d7 |
| SHA1 | ea9a8c004b460d56dc6368a99bde6175e4bed127 |
| SHA256 | eded7914f589bc87fc5d07ae93585b2f4a86b6497627b8669bc71453712e243c |
| SHA512 | b4425c08eb318b3777b6c9cb55a08708ed64d4b0c941dfbd8d0b16f9dad6a4cc13aa93598f45e88f193f24c2380bf404f601eafa80186356ccb8e650f54b70ed |
memory/4364-4171-0x0000000140000000-0x0000000140070000-memory.dmp
C:\Users\Admin\Desktop\Tor Browser\Browser\nss3.dll
| MD5 | f1ee115c557e3a86498ea4a28aeb1987 |
| SHA1 | fef2c4e1686c1e80c6f215b695cce9ea5095acc2 |
| SHA256 | 81fec8f9544cda31f96cafd80b9591755e6af0bcc9fb904551fd5c8da1acb0c1 |
| SHA512 | 0d2ceff379df79da5f942697f613ae24b597ce900903293a92af5cb6c37d46be482ceb1ca4168a8ff155b3c49d93ba36e92e25ec0532087510f304e1906d9a60 |
C:\Users\Admin\Desktop\Tor Browser\Browser\dependentlibs.list
| MD5 | 70b1d09d91bc834e84a48a259f7c1ee9 |
| SHA1 | 592ddaec59f760c0afe677ad3001f4b1a85bb3c0 |
| SHA256 | 2b157d7ff7505d10cb5c3a7de9ba14a6832d1f5bfdbfe4fff981b5db394db6ce |
| SHA512 | b37be03d875aa75df5a525f068ed6cf43970d38088d7d28ae100a51e2baa55c2ad5180be0beda2300406db0bdea231dde1d3394ee1c466c0230253edfe6aa6e4 |
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json.tmp
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json.tmp
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json.tmp
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdesc-consensus.tmp
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdescs.new
memory/4584-4443-0x000002165B8E0000-0x000002165BA50000-memory.dmp
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js