Malware Analysis Report

2024-11-30 11:42

Sample ID 240225-yes5ysbd4w
Target LockBit3.0.exe
SHA256 b65b65c3ccf923af7be7db31b3919120e47849cc3e870afdac1bc555fc25b200
Tags
lockbit evasion ransomware spyware stealer trojan
score
10/10

Analysis Overview

score
10/10

SHA256

b65b65c3ccf923af7be7db31b3919120e47849cc3e870afdac1bc555fc25b200

Threat Level: Known bad

The file LockBit3.0.exe was found to be: Known bad.

Malicious Activity Summary

lockbit evasion ransomware spyware stealer trojan

Rule to detect Lockbit 3.0 ransomware Windows payload

Lockbit

Lockbit family

Renames multiple (402) files with added filename extension

Downloads MZ/PE file

Loads dropped DLL

Checks computer location settings

Deletes itself

Reads user/profile data of web browsers

Executes dropped EXE

Checks whether UAC is enabled

Drops desktop.ini file(s)

Sets desktop wallpaper using registry

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in System32 directory

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Suspicious behavior: AddClipboardFormatListener

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Uses Task Scheduler COM API

Opens file in notepad (likely ransom note)

Modifies Control Panel

Checks processor information in registry

Suspicious behavior: RenamesItself

NTFS ADS

Modifies data under HKEY_USERS

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Analysis: static1

Detonation Overview

Reported

2024-02-25 19:42

Signatures

Lockbit family

lockbit

Rule to detect Lockbit 3.0 ransomware Windows payload

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-25 19:42

Reported

2024-02-25 19:47

Platform

win10-20240221-en

Max time kernel

299s

Max time network

300s

Command Line

"C:\Users\Admin\AppData\Local\Temp\LockBit3.0.exe"

Signatures

Lockbit

ransomware lockbit

Renames multiple (402) files with added filename extension

ransomware

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.10.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A

Deletes itself

Description Indicator Process Target
N/A N/A C:\ProgramData\7F04.tmp N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.10.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A

Reads user/profile data of web browsers

spyware stealer

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\$Recycle.Bin\S-1-5-21-2852630833-2010812756-3750823755-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\LockBit3.0.exe N/A
File opened for modification F:\$RECYCLE.BIN\S-1-5-21-2852630833-2010812756-3750823755-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\LockBit3.0.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\spool\PRINTERS\PPkbh1x0r4wv3smudkwghbc0y8d.TMP C:\Windows\system32\printfilterpipelinesvc.exe N/A
File created C:\Windows\system32\spool\PRINTERS\PPwanhzmdf0sjj0ih5hctpoqrmb.TMP C:\Windows\system32\printfilterpipelinesvc.exe N/A
File created C:\Windows\system32\spool\PRINTERS\00002.SPL C:\Windows\splwow64.exe N/A
File created C:\Windows\system32\spool\PRINTERS\PP77og9a4g8seafhcjm77jr6cad.TMP C:\Windows\system32\printfilterpipelinesvc.exe N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000\Control Panel\Desktop\WallPaper = "C:\\ProgramData\\kw33XQBp8.bmp" C:\Users\Admin\AppData\Local\Temp\LockBit3.0.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000\Control Panel\Desktop\Wallpaper = "C:\\ProgramData\\kw33XQBp8.bmp" C:\Users\Admin\AppData\Local\Temp\LockBit3.0.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\LockBit3.0.exe N/A
N/A N/A C:\ProgramData\7F04.tmp N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\system32\svchost.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Control Panel

evasion
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000\Control Panel\Desktop\WallpaperStyle = "10" C:\Users\Admin\AppData\Local\Temp\LockBit3.0.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000\Control Panel\Desktop C:\Users\Admin\AppData\Local\Temp\LockBit3.0.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133533638390048125" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.kw33XQBp8 C:\Users\Admin\AppData\Local\Temp\LockBit3.0.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.kw33XQBp8\ = "kw33XQBp8" C:\Users\Admin\AppData\Local\Temp\LockBit3.0.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\kw33XQBp8\DefaultIcon C:\Users\Admin\AppData\Local\Temp\LockBit3.0.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\kw33XQBp8 C:\Users\Admin\AppData\Local\Temp\LockBit3.0.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\kw33XQBp8\DefaultIcon\ = "C:\\ProgramData\\kw33XQBp8.ico" C:\Users\Admin\AppData\Local\Temp\LockBit3.0.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.10.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.10.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\LockBit3.0.exe N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LockBit3.0.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LockBit3.0.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LockBit3.0.exe N/A
Token: 36 N/A C:\Users\Admin\AppData\Local\Temp\LockBit3.0.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\LockBit3.0.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LockBit3.0.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LockBit3.0.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\LockBit3.0.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\LockBit3.0.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LockBit3.0.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\LockBit3.0.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LockBit3.0.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\LockBit3.0.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LockBit3.0.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LockBit3.0.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3504 wrote to memory of 3864 N/A C:\Users\Admin\AppData\Local\Temp\LockBit3.0.exe C:\Windows\splwow64.exe
PID 2980 wrote to memory of 192 N/A C:\Windows\system32\printfilterpipelinesvc.exe C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
PID 3504 wrote to memory of 4364 N/A C:\Users\Admin\AppData\Local\Temp\LockBit3.0.exe C:\ProgramData\7F04.tmp
PID 4364 wrote to memory of 4372 N/A C:\ProgramData\7F04.tmp C:\Windows\SysWOW64\cmd.exe
PID 5024 wrote to memory of 1336 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5024 wrote to memory of 2256 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5024 wrote to memory of 2256 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5024 wrote to memory of 2256 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5024 wrote to memory of 2256 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5024 wrote to memory of 2256 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5024 wrote to memory of 2256 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5024 wrote to memory of 2256 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5024 wrote to memory of 2256 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5024 wrote to memory of 2256 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5024 wrote to memory of 2256 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5024 wrote to memory of 2256 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5024 wrote to memory of 2052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5024 wrote to memory of 4892 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\LockBit3.0.exe

"C:\Users\Admin\AppData\Local\Temp\LockBit3.0.exe"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k appmodel -s tiledatamodelsvc

C:\Windows\splwow64.exe

C:\Windows\splwow64.exe 12288

C:\Windows\system32\printfilterpipelinesvc.exe

C:\Windows\system32\printfilterpipelinesvc.exe -Embedding

C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE

/insertdoc "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\{5365BEDD-FEB7-45C2-A94A-ADD80FE7EB6F}.xps" 133533637806520000

C:\ProgramData\7F04.tmp

"C:\ProgramData\7F04.tmp"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\7F04.tmp >> NUL

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\kw33XQBp8.README.txt

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff9a21a9758,0x7ff9a21a9768,0x7ff9a21a9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1704,i,961896929039244197,13335274640670365003,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1840 --field-trial-handle=1704,i,961896929039244197,13335274640670365003,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2084 --field-trial-handle=1704,i,961896929039244197,13335274640670365003,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2952 --field-trial-handle=1704,i,961896929039244197,13335274640670365003,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2940 --field-trial-handle=1704,i,961896929039244197,13335274640670365003,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4460 --field-trial-handle=1704,i,961896929039244197,13335274640670365003,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 --field-trial-handle=1704,i,961896929039244197,13335274640670365003,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4876 --field-trial-handle=1704,i,961896929039244197,13335274640670365003,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4856 --field-trial-handle=1704,i,961896929039244197,13335274640670365003,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4948 --field-trial-handle=1704,i,961896929039244197,13335274640670365003,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3840 --field-trial-handle=1704,i,961896929039244197,13335274640670365003,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2948 --field-trial-handle=1704,i,961896929039244197,13335274640670365003,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5068 --field-trial-handle=1704,i,961896929039244197,13335274640670365003,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2936 --field-trial-handle=1704,i,961896929039244197,13335274640670365003,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1692 --field-trial-handle=1704,i,961896929039244197,13335274640670365003,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="824.0.52195678\57663318" -parentBuildID 20221007134813 -prefsHandle 1816 -prefMapHandle 1476 -prefsLen 18084 -prefMapSize 231738 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2972b884-2fd9-445c-9f1e-f068be43e252} 824 "\\.\pipe\gecko-crash-server-pipe.824" 1672 1921fe68e58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="824.1.215238623\946107287" -parentBuildID 20221007134813 -prefsHandle 2260 -prefMapHandle 1528 -prefsLen 18635 -prefMapSize 231738 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d2a8c02-0dca-4575-804c-431428dea309} 824 "\\.\pipe\gecko-crash-server-pipe.824" 2280 192200dc658 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="824.2.545369751\184955198" -childID 1 -isForBrowser -prefsHandle 2988 -prefMapHandle 2996 -prefsLen 19464 -prefMapSize 231738 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {22ddc56e-e164-4244-bee3-109ccdc21494} 824 "\\.\pipe\gecko-crash-server-pipe.824" 3020 19222dc4858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="824.3.2081627098\1044888452" -childID 2 -isForBrowser -prefsHandle 3484 -prefMapHandle 3480 -prefsLen 19571 -prefMapSize 231738 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {07603e2b-dcd8-479b-b136-ae320254d04b} 824 "\\.\pipe\gecko-crash-server-pipe.824" 3496 1921506a858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="824.4.1344810971\454492500" -parentBuildID 20221007134813 -prefsHandle 3876 -prefMapHandle 3796 -prefsLen 21681 -prefMapSize 231738 -appDir "C:\Program Files\Mozilla Firefox\browser" - {642bf0e8-eaee-482b-a95c-38c32119da8a} 824 "\\.\pipe\gecko-crash-server-pipe.824" 3448 19224e5d758 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="824.7.1324812467\70798845" -childID 5 -isForBrowser -prefsHandle 4892 -prefMapHandle 4856 -prefsLen 27718 -prefMapSize 231738 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e15d8b1-ec63-4e18-9893-02578f9c6410} 824 "\\.\pipe\gecko-crash-server-pipe.824" 4920 192272a8758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="824.6.55591034\1159764484" -childID 4 -isForBrowser -prefsHandle 5036 -prefMapHandle 5040 -prefsLen 27718 -prefMapSize 231738 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6f60d49-25e0-4bd1-9e21-8a81a9db8ffa} 824 "\\.\pipe\gecko-crash-server-pipe.824" 4768 19226f93e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="824.5.2105351631\1428371676" -childID 3 -isForBrowser -prefsHandle 5048 -prefMapHandle 4832 -prefsLen 27683 -prefMapSize 231738 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ffec913c-657c-421e-8471-aa0b5ffccb4c} 824 "\\.\pipe\gecko-crash-server-pipe.824" 5016 19226f91a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="824.8.1199733957\1075554355" -childID 6 -isForBrowser -prefsHandle 5548 -prefMapHandle 5540 -prefsLen 27928 -prefMapSize 231738 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4bb65e8-38a8-4974-867b-45a62ae9daa4} 824 "\\.\pipe\gecko-crash-server-pipe.824" 5572 19229cb9858 tab

C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.10.exe

"C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.10.exe"

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="4584.0.513568249\882844254" -parentBuildID 20240213172118 -prefsHandle 1924 -prefMapHandle 1736 -prefsLen 19244 -prefMapSize 243693 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {2281663e-e6a5-44c2-869c-ebfdaa759d20} 4584 gpu

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="4584.1.393125940\1856507710" -childID 1 -isForBrowser -prefsHandle 2604 -prefMapHandle 2600 -prefsLen 20126 -prefMapSize 243693 -jsInitHandle 852 -jsInitLen 240916 -parentBuildID 20240213172118 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {c9da4265-cba5-40a8-8d1d-090ba3148bf7} 4584 tab

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="4584.2.170729653\1746762819" -childID 2 -isForBrowser -prefsHandle 3304 -prefMapHandle 3300 -prefsLen 20938 -prefMapSize 243693 -jsInitHandle 852 -jsInitLen 240916 -parentBuildID 20240213172118 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {82d3b8af-edb9-488b-8015-7ece831befe0} 4584 tab

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe" --defaults-torrc "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc-defaults" -f "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc" DataDirectory "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor" ClientOnionAuthDir "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\onion-auth" GeoIPFile "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip" GeoIPv6File "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip6" +__ControlPort 127.0.0.1:9151 HashedControlPassword 16:5a4fe701714d501e60aa7e73bd1ccc7462f5ed7145348b274ed576952e +__SocksPort "127.0.0.1:9150 ExtendedErrors IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth" __OwningControllerProcess 4584 DisableNetwork 1

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="4584.3.1885592823\1851860871" -childID 3 -isForBrowser -prefsHandle 3420 -prefMapHandle 3436 -prefsLen 21015 -prefMapSize 243693 -jsInitHandle 852 -jsInitLen 240916 -parentBuildID 20240213172118 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {78c4cb71-9fdf-42dc-8c6b-3902ddadde4c} 4584 tab

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="4584.4.1009001677\628360830" -parentBuildID 20240213172118 -prefsHandle 3460 -prefMapHandle 3420 -prefsLen 22190 -prefMapSize 243693 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {0407531a-a3cd-4acf-804c-c0f0c9c5ccf7} 4584 rdd

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="4584.5.1029828813\1588413359" -childID 4 -isForBrowser -prefsHandle 3904 -prefMapHandle 3900 -prefsLen 22392 -prefMapSize 243693 -jsInitHandle 852 -jsInitLen 240916 -parentBuildID 20240213172118 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {b22edbfc-325d-4955-a625-e95bbc19b329} 4584 tab

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="4584.6.580520655\1370647229" -childID 5 -isForBrowser -prefsHandle 2924 -prefMapHandle 4092 -prefsLen 22392 -prefMapSize 243693 -jsInitHandle 852 -jsInitLen 240916 -parentBuildID 20240213172118 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {85e1d1de-17db-4b96-8a19-4487edb9cb0d} 4584 tab

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="4584.7.641866205\139380674" -childID 6 -isForBrowser -prefsHandle 4104 -prefMapHandle 3824 -prefsLen 22392 -prefMapSize 243693 -jsInitHandle 852 -jsInitLen 240916 -parentBuildID 20240213172118 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {0a444b71-d39a-4d28-b686-6c79ec9b7404} 4584 tab

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="4584.8.2008463222\744495137" -childID 7 -isForBrowser -prefsHandle 4228 -prefMapHandle 4108 -prefsLen 22567 -prefMapSize 243693 -jsInitHandle 852 -jsInitLen 240916 -parentBuildID 20240213172118 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {eecea9ff-0618-4310-9bd2-89b7416ec67d} 4584 tab

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\kw33XQBp8.README.txt

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="4584.9.2011389627\1746481691" -childID 8 -isForBrowser -prefsHandle 1576 -prefMapHandle 1820 -prefsLen 22845 -prefMapSize 243693 -jsInitHandle 852 -jsInitLen 240916 -parentBuildID 20240213172118 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {30daad5c-e63f-4163-b14e-b5e62ae4aa0f} 4584 tab

Network

Files

C:\$Recycle.Bin\S-1-5-21-2852630833-2010812756-3750823755-1000\YYYYYYYYYYY

F:\$RECYCLE.BIN\S-1-5-21-2852630833-2010812756-3750823755-1000\DDDDDDDDDDD

C:\kw33XQBp8.README.txt

C:\ProgramData\7F04.tmp

C:\Users\Admin\AppData\Local\Temp\DDDDDDDDDDDDDD

C:\Users\Admin\AppData\Local\Temp\{EC94FF78-C089-4C07-99B8-EC8FF9504467}

C:\Users\Admin\Documents\OneNote Notebooks\My Notebook\Open Notebook.onetoc2

\??\pipe\crashpad_5024_GEJTFNGOGNRRUFBC

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-65D5C38B-127C.pma.kw33XQBp8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State~RFe586c03.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\09c5ffdb-f550-47d9-9c9b-70d549e7940b.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8cobeb0t.default-release\prefs.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8cobeb0t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8cobeb0t.default-release\datareporting\glean\pending_pings\61f9a875-3ad0-45fd-98ec-87fed82dce71

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8cobeb0t.default-release\datareporting\glean\pending_pings\eb180325-8146-4da4-9d56-09c721d5466f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8cobeb0t.default-release\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8cobeb0t.default-release\prefs.js

C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\update-config.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8cobeb0t.default-release\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8cobeb0t.default-release\extensions.json.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8cobeb0t.default-release\search.json.mozlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8cobeb0t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8cobeb0t.default-release\prefs.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8cobeb0t.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8cobeb0t.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.Kk-Zo1lB.0.10.exe.part

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8cobeb0t.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8cobeb0t.default-release\thumbnails\4df9a70f81e0e8003c3f711f536866ef.png

C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.10.exe

C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.10.exe

\Users\Admin\AppData\Local\Temp\nsl1CB3.tmp\System.dll

\Users\Admin\AppData\Local\Temp\nsl1CB3.tmp\LangDLL.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8cobeb0t.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8cobeb0t.default-release\sessionstore.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8cobeb0t.default-release\sessionCheckpoints.json.tmp

\Users\Admin\AppData\Local\Temp\nsl1CB3.tmp\nsDialogs.dll

C:\Users\Admin\Desktop\Tor Browser\Start Tor Browser.lnk

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll

C:\Users\Admin\Desktop\Tor Browser\Browser\nss3.dll

C:\Users\Admin\Desktop\Tor Browser\Browser\dependentlibs.list

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json.tmp

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json.tmp

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\handlers.json.tmp

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdesc-consensus.tmp

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdescs.new

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js
