Malware Analysis Report

2024-11-30 11:30

Sample ID: 240225-j3y9jsfd97
Target: http://vx-underground.org
Tags: lockbit ransomware spyware stealer
Score: 10/10


Analysis Overview


Threat Level: Known bad

The file http://vx-underground.org was found to be: Known bad.

Malicious Activity Summary

lockbit ransomware spyware stealer

Rule to detect Lockbit 3.0 ransomware Windows payload

Lockbit

Renames multiple (561) files with added filename extension

Renames multiple (637) files with added filename extension

Reads user/profile data of web browsers

Executes dropped EXE

Checks computer location settings

Drops desktop.ini file(s)

Looks up external IP address via web service

Drops file in System32 directory

Sets desktop wallpaper using registry

Suspicious use of NtSetInformationThreadHideFromDebugger

Enumerates physical storage devices

Program crash

Modifies Control Panel

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Modifies Internet Explorer settings

Suspicious behavior: AddClipboardFormatListener

Suspicious use of FindShellTrayWindow

Opens file in notepad (likely ransom note)

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Uses Task Scheduler COM API

Modifies registry class

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Checks processor information in registry

Suspicious behavior: GetForegroundWindowSpam

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-02-25 08:12

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-02-25 08:12
Reported: 2024-02-25 08:32
Platform: win10v2004-20240221-en
Max time kernel: 1199s
Max time network: 1188s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://vx-underground.org

Signatures

Lockbit

ransomware lockbit

Rule to detect Lockbit 3.0 ransomware Windows payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Renames multiple (561) files with added filename extension

ransomware

Renames multiple (637) files with added filename extension

ransomware

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000\Control Panel\International\Geo\Nation C:\ProgramData\6B7.tmp N/A
Key value queried \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000\Control Panel\International\Geo\Nation C:\ProgramData\2AD6.tmp N/A
Key value queried \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000\Control Panel\International\Geo\Nation C:\ProgramData\23A7.tmp N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\RedLine_Clipper_Cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\RedLine_Clipper_Cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\Ab-Stealer-main\AbBuild v.1.0.exe N/A
N/A N/A C:\Users\Admin\Desktop\Ab-Stealer-main\AbBuild v.1.0.exe N/A
N/A N/A C:\Users\Admin\Desktop\asd.exe N/A
N/A N/A C:\Users\Admin\Desktop\Ab-Stealer-main\Panel\img\AbBuild v.1.0\AbBuild v.1.0.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\keygen.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\builder.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\builder.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\builder.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\builder.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\builder.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\builder.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\builder.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\builder.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\keygen.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3_pass.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\ProgramData\6B7.tmp N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\builder.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\keygen.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\builder.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\builder.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\builder.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\builder.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\builder.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\builder.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\ProgramData\2AD6.tmp N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3_pass.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3_pass.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\keygen.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\builder.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\builder.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\builder.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\builder.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\builder.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\builder.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3_pass.exe N/A
N/A N/A C:\ProgramData\23A7.tmp N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe N/A

Reads user/profile data of web browsers

spyware stealer

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\$Recycle.Bin\S-1-5-21-3844919115-497234255-166257750-1000\desktop.ini C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
File opened for modification F:\$RECYCLE.BIN\S-1-5-21-3844919115-497234255-166257750-1000\desktop.ini C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
File opened for modification C:\$Recycle.Bin\S-1-5-21-3844919115-497234255-166257750-1000\desktop.ini C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
File opened for modification C:\$Recycle.Bin\S-1-5-21-3844919115-497234255-166257750-1000\desktop.ini C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\spool\PRINTERS\00002.SPL C:\Windows\splwow64.exe N/A
File created C:\Windows\system32\spool\PRINTERS\PPdpt1mw49k1ov2f1jeooc25njd.TMP C:\Windows\system32\printfilterpipelinesvc.exe N/A
File created C:\Windows\system32\spool\PRINTERS\00003.SPL C:\Windows\splwow64.exe N/A
File created C:\Windows\system32\spool\PRINTERS\00004.SPL C:\Windows\splwow64.exe N/A
File created C:\Windows\system32\spool\PRINTERS\PPukpddcrq0dqlysovxjxlnlc8b.TMP C:\Windows\system32\printfilterpipelinesvc.exe N/A
File created C:\Windows\system32\spool\PRINTERS\PPb2uk0m76ju1zihk_guaglvpjb.TMP C:\Windows\system32\printfilterpipelinesvc.exe N/A
File created C:\Windows\system32\spool\PRINTERS\PPita_yrjn8fy6lky8sh0qxa5zc.TMP C:\Windows\system32\printfilterpipelinesvc.exe N/A
File created C:\Windows\system32\spool\PRINTERS\PP6ugrla7wlqvgo83gcplsh_61d.TMP C:\Windows\system32\printfilterpipelinesvc.exe N/A
File created C:\Windows\system32\spool\PRINTERS\PPuqu9f2bb606advvery6xa5apc.TMP C:\Windows\system32\printfilterpipelinesvc.exe N/A
File created C:\Windows\system32\spool\PRINTERS\PPip5np19yruvaj22vfoindcvpc.TMP C:\Windows\system32\printfilterpipelinesvc.exe N/A

Sets desktop wallpaper using registry

ransomware

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000\Control Panel\Desktop\WallPaper C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000\Control Panel\Desktop\WallPaper = "C:\\ProgramData\\EFH4UcdOY.bmp" C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000\Control Panel\Desktop\Wallpaper = "C:\\ProgramData\\EFH4UcdOY.bmp" C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000\Control Panel\Desktop\WallPaper C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000\Control Panel\Desktop\WallPaper C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\ProgramData\6B7.tmp N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\ProgramData\2AD6.tmp N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3_pass.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3_pass.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3_pass.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3_pass.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3_pass.exe N/A
N/A N/A C:\ProgramData\23A7.tmp N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Control Panel

evasion

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000\Control Panel\Desktop C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000\Control Panel\Desktop C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000\Control Panel\Desktop\WallpaperStyle = "10" C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000\Control Panel\Desktop C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000\Control Panel\Desktop C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe N/A

Modifies Internet Explorer settings

adware spyware

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5 C:\Users\Admin\Desktop\Ab-Stealer-main\AbBuild v.1.0.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\o8RCWFYi1\DefaultIcon\ = "C:\\ProgramData\\o8RCWFYi1.ico" C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\EFH4UcdOY\DefaultIcon C:\Users\Admin\Desktop\LBLeak\Build\LB3_pass.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Users\Admin\Desktop\Ab-Stealer-main\AbBuild v.1.0.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff C:\Users\Admin\Desktop\Ab-Stealer-main\AbBuild v.1.0.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Users\Admin\Desktop\Ab-Stealer-main\AbBuild v.1.0.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\php_auto_file C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EFH4UcdOY\ = "EFH4UcdOY" C:\Users\Admin\Desktop\LBLeak\Build\LB3_pass.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\.o8RCWFYi1 C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\rlumdaMwk C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0 = 68003100000000004a536b2a100041422d5354457e310000500009000400efbe59586542595867422e0000003631020000000b00000000000000000000000000000080969800410062002d0053007400650061006c00650072002d006d00610069006e00000018000000 C:\Users\Admin\Desktop\Ab-Stealer-main\AbBuild v.1.0.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Users\Admin\Desktop\Ab-Stealer-main\AbBuild v.1.0.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\o8RCWFYi1\DefaultIcon C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\o8RCWFYi1 C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 C:\Users\Admin\Desktop\Ab-Stealer-main\AbBuild v.1.0.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg C:\Users\Admin\Desktop\Ab-Stealer-main\AbBuild v.1.0.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Users\Admin\Desktop\Ab-Stealer-main\AbBuild v.1.0.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic" C:\Users\Admin\Desktop\Ab-Stealer-main\AbBuild v.1.0.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Users\Admin\Desktop\Ab-Stealer-main\AbBuild v.1.0.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\.php\ = "php_auto_file" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\php_auto_file\shell C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Users\Admin\Desktop\Ab-Stealer-main\AbBuild v.1.0.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202 C:\Users\Admin\Desktop\Ab-Stealer-main\AbBuild v.1.0.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.o8RCWFYi1 C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\rlumdaMwk\DefaultIcon C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\EFH4UcdOY C:\Users\Admin\Desktop\LBLeak\Build\LB3_pass.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings C:\Users\Admin\Desktop\Ab-Stealer-main\AbBuild v.1.0.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Users\Admin\Desktop\Ab-Stealer-main\AbBuild v.1.0.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 C:\Users\Admin\Desktop\Ab-Stealer-main\AbBuild v.1.0.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg C:\Users\Admin\Desktop\Ab-Stealer-main\AbBuild v.1.0.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\php_auto_file\shell\edit C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000 C:\Users\Admin\Desktop\Ab-Stealer-main\AbBuild v.1.0.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff C:\Users\Admin\Desktop\Ab-Stealer-main\AbBuild v.1.0.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.o8RCWFYi1\ = "o8RCWFYi1" C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\o8RCWFYi1 C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = 00000000ffffffff C:\Users\Admin\Desktop\Ab-Stealer-main\AbBuild v.1.0.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
N/A N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Desktop\asd.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe N/A
Token: 36 N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe N/A
Token: 33 N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
Token: 36 N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
Token: 33 N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\RedLine_Clipper_Cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\RedLine_Clipper_Cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\RedLine_Clipper_Cracked.exe N/A
N/A N/A C:\Users\Admin\Desktop\RedLine_Clipper_Cracked.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Ab-Stealer-main\AbBuild v.1.0.exe N/A
N/A N/A C:\Users\Admin\Desktop\Ab-Stealer-main\AbBuild v.1.0.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4628 wrote to memory of 4424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4628 wrote to memory of 4424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4628 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4628 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4628 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4628 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4628 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4628 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4628 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4628 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4628 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4628 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4628 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4628 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4628 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4628 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4628 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4628 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4628 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4628 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4628 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4628 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (21 identical events)
PID 4628 wrote to memory of 968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 identical events)
PID 4628 wrote to memory of 2336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (20 identical events)
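The "wrote to memory" rows above are all msedge.exe (PID 4628) writing into its own child processes, which is how Chromium's sandbox broker hands startup data to a freshly created helper and is not evidence of injection. The script below is an added example for this page, not output of the sandbox or of any tool the report names: it collapses the repeated rows into one record per parent/target pair with an event count and a verdict. The three Edge rows are copied from the listing and repeated as many times as they appear; the final row is constructed to exercise the non-browser branch and does not describe an event in this report. The BROWSER_IMAGES allow-list is an assumption of the example.

```python
"""Collapse 'wrote to memory' signature rows into parent -> target pairs with a verdict.

Added example; not sandbox output. The Edge rows are copied from the report, the
row named CONSTRUCTED_ROW is synthetic, and BROWSER_IMAGES is an assumed allow-list:
Chromium- and Gecko-based browsers write startup data into their own child
processes, so same-image writes between browser processes are expected noise.
A write from a user-profile executable into an unrelated image is the classic
injection shape and is flagged for review.
"""
import re
from collections import Counter
from pathlib import PureWindowsPath

ROW = re.compile(
    r"PID (\d+) wrote to memory of (\d+) \S+ (.+?\.exe) (.+?\.exe)$", re.IGNORECASE
)
BROWSER_IMAGES = {"msedge.exe", "chrome.exe", "firefox.exe", "identity_helper.exe"}

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"


def edge_row(target_pid: int) -> str:
    """One signature row exactly as the report prints it (source PID 4628)."""
    return f"PID 4628 wrote to memory of {target_pid} N/A {EDGE} {EDGE}"


# Constructed row, NOT from the report: a Desktop binary writing into explorer.exe.
CONSTRUCTED_ROW = (
    r"PID 9999 wrote to memory of 8888 N/A "
    r"C:\Users\Admin\Desktop\example.exe C:\Windows\explorer.exe"
)

# 21 + 2 + 20 rows copied from the listing above, plus the constructed one.
SIGNATURE_ROWS = (
    [edge_row(4396)] * 21 + [edge_row(968)] * 2 + [edge_row(2336)] * 20 + [CONSTRUCTED_ROW]
)


def parse_row(line: str):
    """Return (src_pid, dst_pid, src_image, dst_image), or None if the line is not a row."""
    m = ROW.match(line.strip())
    if not m:
        return None
    src_pid, dst_pid, src_img, dst_img = m.groups()
    return int(src_pid), int(dst_pid), src_img, dst_img


def classify(src_img: str, dst_img: str) -> str:
    """Label a parent -> target pair as expected browser noise or as something to review."""
    src = PureWindowsPath(src_img).name.lower()
    dst = PureWindowsPath(dst_img).name.lower()
    if src in BROWSER_IMAGES and dst in BROWSER_IMAGES:
        return "expected (browser launching its own helper process)"
    if src == dst:
        return "review (same image, not a known browser)"
    return "review (cross-image write, possible injection)"


def triage(lines):
    """Aggregate rows into one record per (src_pid, dst_pid) with an event count and verdict."""
    counts = Counter(r for r in map(parse_row, lines) if r is not None)
    return [
        {
            "src_pid": sp, "dst_pid": dp,
            "src": PureWindowsPath(si).name, "dst": PureWindowsPath(di).name,
            "events": n, "verdict": classify(si, di),
        }
        for (sp, dp, si, di), n in sorted(counts.items())
    ]


if __name__ == "__main__":
    for rec in triage(SIGNATURE_ROWS):
        print(f"{rec['src_pid']} {rec['src']} -> {rec['dst_pid']} {rec['dst']}: "
              f"{rec['events']:>2} events  {rec['verdict']}")
```

Run against the rows above, the three Edge pairs come back as expected browser behaviour with their counts (21, 2 and 20), and only the constructed Desktop-to-explorer row is marked for review. When this signature fires in your own sandbox runs, the verdict column is the quick way to tell browser process spawning from a payload injecting into another image.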

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://vx-underground.org

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff83da246f8,0x7ff83da24708,0x7ff83da24718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,12755158502707576415,6540691748721901505,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,12755158502707576415,6540691748721901505,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,12755158502707576415,6540691748721901505,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,12755158502707576415,6540691748721901505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,12755158502707576415,6540691748721901505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,12755158502707576415,6540691748721901505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,12755158502707576415,6540691748721901505,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,12755158502707576415,6540691748721901505,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,12755158502707576415,6540691748721901505,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,12755158502707576415,6540691748721901505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,12755158502707576415,6540691748721901505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,12755158502707576415,6540691748721901505,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,12755158502707576415,6540691748721901505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2172,12755158502707576415,6540691748721901505,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4800 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2172,12755158502707576415,6540691748721901505,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6004 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,12755158502707576415,6540691748721901505,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Redline Stealer Builder (Modified Variant).7z"

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Redline Stealer Builder (Modified Variant).7z"

C:\Users\Admin\Desktop\RedLine_Clipper_Cracked.exe

"C:\Users\Admin\Desktop\RedLine_Clipper_Cracked.exe"

C:\Windows\SysWOW64\werfault.exe

werfault.exe /h /shared Global\e7f47c9af37745979dca57eb69a0b271 /t 2340 /p 2236

C:\Users\Admin\Desktop\RedLine_Clipper_Cracked.exe

"C:\Users\Admin\Desktop\RedLine_Clipper_Cracked.exe"

C:\Windows\SysWOW64\werfault.exe

werfault.exe /h /shared Global\aaa5d21bd61a43eaa0f4afc902f6d255 /t 2996 /p 3680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ff83da246f8,0x7ff83da24708,0x7ff83da24718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,3139303091434258205,17498827480286080002,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3139303091434258205,17498827480286080002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,3139303091434258205,17498827480286080002,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,3139303091434258205,17498827480286080002,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3139303091434258205,17498827480286080002,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3139303091434258205,17498827480286080002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3139303091434258205,17498827480286080002,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3139303091434258205,17498827480286080002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,3139303091434258205,17498827480286080002,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,3139303091434258205,17498827480286080002,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3139303091434258205,17498827480286080002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3139303091434258205,17498827480286080002,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3139303091434258205,17498827480286080002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3139303091434258205,17498827480286080002,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3139303091434258205,17498827480286080002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,3139303091434258205,17498827480286080002,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5780 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,3139303091434258205,17498827480286080002,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 /prefetch:8

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\AbStealer Builder.7z"

C:\Users\Admin\Desktop\Ab-Stealer-main\AbBuild v.1.0.exe

"C:\Users\Admin\Desktop\Ab-Stealer-main\AbBuild v.1.0.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Desktop\Ab-Stealer-main\README.md"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Desktop\Ab-Stealer-main\README.md

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5036.0.1446688204\1590511720" -parentBuildID 20221007134813 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {51f3c625-da3a-4f55-86cf-36e8648efa7c} 5036 "\\.\pipe\gecko-crash-server-pipe.5036" 1980 24baa8bb058 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5036.1.2020766755\1748920148" -parentBuildID 20221007134813 -prefsHandle 2392 -prefMapHandle 2388 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b408b203-687e-4caf-9b7c-bbce325bab7a} 5036 "\\.\pipe\gecko-crash-server-pipe.5036" 2404 24b96d6e458 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5036.2.1449854736\704250067" -childID 1 -isForBrowser -prefsHandle 2916 -prefMapHandle 3000 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {09befd9b-2e8a-4ab0-a607-90569795dbb3} 5036 "\\.\pipe\gecko-crash-server-pipe.5036" 3120 24bae9f6358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5036.3.533642762\250066677" -childID 2 -isForBrowser -prefsHandle 3596 -prefMapHandle 3592 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d0e6d55-56cc-4907-a461-2e0ba4536ca0} 5036 "\\.\pipe\gecko-crash-server-pipe.5036" 3604 24b96d66458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5036.4.1856123250\1166029075" -childID 3 -isForBrowser -prefsHandle 4664 -prefMapHandle 4668 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {08bf55e9-db1c-4cf8-b0fc-94af2ea73a5f} 5036 "\\.\pipe\gecko-crash-server-pipe.5036" 4680 24bb0b69458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5036.5.474739138\1941162341" -childID 4 -isForBrowser -prefsHandle 4868 -prefMapHandle 4872 -prefsLen 26300 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd48a8c4-3fb0-431f-b34e-a1617a21780a} 5036 "\\.\pipe\gecko-crash-server-pipe.5036" 4848 24bb0b86558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5036.6.1080596259\239965105" -childID 5 -isForBrowser -prefsHandle 4208 -prefMapHandle 4904 -prefsLen 26300 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5cd88c3-6738-43f1-8eb8-100e0519aa7d} 5036 "\\.\pipe\gecko-crash-server-pipe.5036" 5012 24bae9a8558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5036.7.1048259449\1236727215" -childID 6 -isForBrowser -prefsHandle 5712 -prefMapHandle 5676 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a46f82b4-bf03-4464-802a-37aeb4c5418a} 5036 "\\.\pipe\gecko-crash-server-pipe.5036" 5720 24baa80cf58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5036.8.1880255555\862971098" -childID 7 -isForBrowser -prefsHandle 4308 -prefMapHandle 4780 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e2e49cd-672a-42f7-b721-c407bfee0e0a} 5036 "\\.\pipe\gecko-crash-server-pipe.5036" 1700 24bafe72058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5036.9.868103427\393477446" -childID 8 -isForBrowser -prefsHandle 4976 -prefMapHandle 5112 -prefsLen 26646 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6dcfea11-e739-4fd2-9c0e-f70c4985edcc} 5036 "\\.\pipe\gecko-crash-server-pipe.5036" 5000 24bb0b6b858 tab

C:\Users\Admin\Desktop\Ab-Stealer-main\AbBuild v.1.0.exe

"C:\Users\Admin\Desktop\Ab-Stealer-main\AbBuild v.1.0.exe"

C:\Users\Admin\Desktop\asd.exe

"C:\Users\Admin\Desktop\asd.exe"

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\Ab-Stealer-main\Panel\img\AbBuild v.1.0.rar"

C:\Users\Admin\Desktop\Ab-Stealer-main\Panel\img\AbBuild v.1.0\AbBuild v.1.0.exe

"C:\Users\Admin\Desktop\Ab-Stealer-main\Panel\img\AbBuild v.1.0\AbBuild v.1.0.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Ab-Stealer-main\Panel\index.php

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Ab-Stealer-main\Panel\login.php

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Ab-Stealer-main\Panel\Panel.php

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ff83da246f8,0x7ff83da24708,0x7ff83da24718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,16261369828197233987,5900299848656532553,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,16261369828197233987,5900299848656532553,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,16261369828197233987,5900299848656532553,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16261369828197233987,5900299848656532553,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16261369828197233987,5900299848656532553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16261369828197233987,5900299848656532553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16261369828197233987,5900299848656532553,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,16261369828197233987,5900299848656532553,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,16261369828197233987,5900299848656532553,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16261369828197233987,5900299848656532553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16261369828197233987,5900299848656532553,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16261369828197233987,5900299848656532553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16261369828197233987,5900299848656532553,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16261369828197233987,5900299848656532553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16261369828197233987,5900299848656532553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2072,16261369828197233987,5900299848656532553,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2072,16261369828197233987,5900299848656532553,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5072 /prefetch:8

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Lockbit 3 Builder.7z"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\LBLeak\Build.bat"

C:\Users\Admin\Desktop\LBLeak\keygen.exe

keygen -path C:\Users\Admin\Desktop\LBLeak\Build -pubkey pub.key -privkey priv.key

C:\Users\Admin\Desktop\LBLeak\builder.exe

builder -type dec -privkey C:\Users\Admin\Desktop\LBLeak\Build\priv.key -config config.json -ofile C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe

C:\Users\Admin\Desktop\LBLeak\builder.exe

builder -type enc -exe -pubkey C:\Users\Admin\Desktop\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe

C:\Users\Admin\Desktop\LBLeak\builder.exe

builder -type enc -exe -pass -pubkey C:\Users\Admin\Desktop\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LBLeak\Build\LB3_pass.exe

C:\Users\Admin\Desktop\LBLeak\builder.exe

builder -type enc -dll -pubkey C:\Users\Admin\Desktop\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LBLeak\Build\LB3_Rundll32.dll

C:\Users\Admin\Desktop\LBLeak\builder.exe

builder -type enc -dll -pass -pubkey C:\Users\Admin\Desktop\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LBLeak\Build\LB3_Rundll32_pass.dll

C:\Users\Admin\Desktop\LBLeak\builder.exe

builder -type enc -ref -pubkey C:\Users\Admin\Desktop\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LBLeak\Build\LB3_ReflectiveDll_DllMain.dll

C:\Users\Admin\Desktop\LBLeak\builder.exe

"C:\Users\Admin\Desktop\LBLeak\builder.exe"

C:\Users\Admin\Desktop\LBLeak\builder.exe

"C:\Users\Admin\Desktop\LBLeak\builder.exe"

C:\Users\Admin\Desktop\LBLeak\keygen.exe

"C:\Users\Admin\Desktop\LBLeak\keygen.exe"

C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe

"C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe"

C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe

"C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\LBLeak\Build\Password_exe.txt.o8RCWFYi1

C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe

"C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe"

C:\Windows\splwow64.exe

C:\Windows\splwow64.exe 12288

C:\Users\Admin\Desktop\LBLeak\Build\LB3_pass.exe

"C:\Users\Admin\Desktop\LBLeak\Build\LB3_pass.exe"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5300 -ip 5300

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 264

C:\Windows\system32\printfilterpipelinesvc.exe

C:\Windows\system32\printfilterpipelinesvc.exe -Embedding

C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe

"C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe"

C:\ProgramData\6B7.tmp

"C:\ProgramData\6B7.tmp"

C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE

/insertdoc "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\{FD0E374D-F69B-401C-80E3-CD18EF9B24BA}.xps" 133533231373230000

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\6B7.tmp >> NUL

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\LBLeak\Build\DECRYPTION_ID.txt

C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe

"C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe"

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\LBLeak\Build\Password_exe.txt

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\LBLeak\Build\Password_dll.txt

C:\Users\Admin\Desktop\LBLeak\builder.exe

"C:\Users\Admin\Desktop\LBLeak\builder.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\LBLeak\Build.bat"

C:\Users\Admin\Desktop\LBLeak\keygen.exe

keygen -path C:\Users\Admin\Desktop\LBLeak\Build -pubkey pub.key -privkey priv.key

C:\Users\Admin\Desktop\LBLeak\builder.exe

builder -type dec -privkey C:\Users\Admin\Desktop\LBLeak\Build\priv.key -config config.json -ofile C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe

C:\Users\Admin\Desktop\LBLeak\builder.exe

builder -type enc -exe -pubkey C:\Users\Admin\Desktop\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe

C:\Users\Admin\Desktop\LBLeak\builder.exe

builder -type enc -exe -pass -pubkey C:\Users\Admin\Desktop\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LBLeak\Build\LB3_pass.exe

C:\Users\Admin\Desktop\LBLeak\builder.exe

builder -type enc -dll -pubkey C:\Users\Admin\Desktop\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LBLeak\Build\LB3_Rundll32.dll

C:\Users\Admin\Desktop\LBLeak\builder.exe

builder -type enc -dll -pass -pubkey C:\Users\Admin\Desktop\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LBLeak\Build\LB3_Rundll32_pass.dll

C:\Users\Admin\Desktop\LBLeak\builder.exe

builder -type enc -ref -pubkey C:\Users\Admin\Desktop\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LBLeak\Build\LB3_ReflectiveDll_DllMain.dll

C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe

"C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\EFH4UcdOY.README.txt

C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE

/insertdoc "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\{A2170DDA-6553-4461-9845-5938EC6F138D}.xps" 133533231991350000

C:\ProgramData\2AD6.tmp

"C:\ProgramData\2AD6.tmp"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\2AD6.tmp >> NUL

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Users\Admin\Desktop\LBLeak\Build\LB3_pass.exe

"C:\Users\Admin\Desktop\LBLeak\Build\LB3_pass.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 6948 -ip 6948

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6948 -s 264

C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe

"C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe"

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\LBLeak\Build\Password_dll.txt

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\LBLeak\Build\Password_exe.txt

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Users\Admin\Desktop\LBLeak\Build\LB3_pass.exe

LB3_pass.exe -pass 870a83b8672a360b910cfe90faff550f

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\LBLeak\Build.bat"

C:\Users\Admin\Desktop\LBLeak\keygen.exe

keygen -path C:\Users\Admin\Desktop\LBLeak\Build -pubkey pub.key -privkey priv.key

C:\Users\Admin\Desktop\LBLeak\builder.exe

builder -type dec -privkey C:\Users\Admin\Desktop\LBLeak\Build\priv.key -config config.json -ofile C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe

C:\Users\Admin\Desktop\LBLeak\builder.exe

builder -type enc -exe -pubkey C:\Users\Admin\Desktop\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe

C:\Users\Admin\Desktop\LBLeak\builder.exe

builder -type enc -exe -pass -pubkey C:\Users\Admin\Desktop\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LBLeak\Build\LB3_pass.exe

C:\Users\Admin\Desktop\LBLeak\builder.exe

builder -type enc -dll -pubkey C:\Users\Admin\Desktop\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LBLeak\Build\LB3_Rundll32.dll

C:\Users\Admin\Desktop\LBLeak\builder.exe

builder -type enc -dll -pass -pubkey C:\Users\Admin\Desktop\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LBLeak\Build\LB3_Rundll32_pass.dll

C:\Users\Admin\Desktop\LBLeak\builder.exe

builder -type enc -ref -pubkey C:\Users\Admin\Desktop\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LBLeak\Build\LB3_ReflectiveDll_DllMain.dll

C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe

"C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe"

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Users\Admin\Desktop\LBLeak\Build\LB3_pass.exe

LB3_pass.exe -pass 870a83b8672a360b910cfe90faff550f

C:\ProgramData\23A7.tmp

"C:\ProgramData\23A7.tmp"

C:\Windows\system32\printfilterpipelinesvc.exe

C:\Windows\system32\printfilterpipelinesvc.exe -Embedding

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\23A7.tmp >> NUL

C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE

/insertdoc "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\{BE675AE3-9E69-48B1-B56B-5FCFEF315833}.xps" 133533233465640000

C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe

"C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe"

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\EFH4UcdOY.README.txt

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff83da246f8,0x7ff83da24708,0x7ff83da24718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,4993321134001509024,16730285863533399317,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,4993321134001509024,16730285863533399317,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,4993321134001509024,16730285863533399317,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4993321134001509024,16730285863533399317,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4993321134001509024,16730285863533399317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4993321134001509024,16730285863533399317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4993321134001509024,16730285863533399317,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe

"C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,4993321134001509024,16730285863533399317,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3356 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,4993321134001509024,16730285863533399317,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3356 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4993321134001509024,16730285863533399317,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4993321134001509024,16730285863533399317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4993321134001509024,16730285863533399317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4993321134001509024,16730285863533399317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4993321134001509024,16730285863533399317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4993321134001509024,16730285863533399317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4993321134001509024,16730285863533399317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2712 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4993321134001509024,16730285863533399317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4993321134001509024,16730285863533399317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,4993321134001509024,16730285863533399317,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5320 /prefetch:2

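The command lines above record the whole LockBit 3.0 builder workflow and its detonation: Build.bat runs keygen and then builder (-type dec for the decryptor, -type enc with -exe, -dll or -ref for the payloads, -pass for the password-gated variants), LB3_pass.exe is later launched with its 32-character password, each encryptor run drops a %ProgramData%\<hex>.tmp helper that is executed and then removed with cmd /C DEL, and Notepad opens the <id>.README.txt note. The Python below is an added example, not part of this report and not the sandbox's own signature logic: it runs simple command-line rules over a constructed sample copied from the process list above and correlates the .tmp drop with its deletion. The rule names, regular expressions and verdict thresholds are this example's own assumptions.

```python
"""Rule-based triage of sandbox process command lines for LockBit 3.0
builder usage and detonation artefacts.  Added example; the rules are the
author's own heuristics, not the sandbox's signatures."""
from __future__ import annotations

import re
from collections import Counter

# Constructed sample: command lines copied from the process list of this report.
SAMPLE_CMDLINES = [
    r'"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\LBLeak\Build.bat"',
    r'keygen -path C:\Users\Admin\Desktop\LBLeak\Build -pubkey pub.key -privkey priv.key',
    r'builder -type dec -privkey C:\Users\Admin\Desktop\LBLeak\Build\priv.key -config config.json -ofile C:\Users\Admin\Desktop\LBLeak\Build\LB3Decryptor.exe',
    r'builder -type enc -exe -pubkey C:\Users\Admin\Desktop\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LBLeak\Build\LB3.exe',
    r'builder -type enc -exe -pass -pubkey C:\Users\Admin\Desktop\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LBLeak\Build\LB3_pass.exe',
    r'builder -type enc -ref -pubkey C:\Users\Admin\Desktop\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LBLeak\Build\LB3_ReflectiveDll_DllMain.dll',
    r'LB3_pass.exe -pass 870a83b8672a360b910cfe90faff550f',
    r'"C:\ProgramData\6B7.tmp"',
    r'"C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\6B7.tmp >> NUL',
    r'"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\EFH4UcdOY.README.txt',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default',
]

# Rule names and patterns are this example's assumptions.  Named groups carry
# the detail worth keeping (output file, build flags, runtime password, ...).
RULES = {
    # keygen.exe writing the key pair the builder embeds in encryptor/decryptor
    "lockbit_keygen": re.compile(
        r"^keygen\s+.*-pubkey\s+(?P<pub>\S+)\s+-privkey\s+(?P<priv>\S+)", re.I),
    # builder.exe: -type enc|dec, optional -exe/-dll/-ref/-pass, -ofile output
    "lockbit_builder": re.compile(
        r"^builder\s+-type\s+(?P<kind>enc|dec)"
        r"(?P<flags>(?:\s+-(?:exe|dll|ref|pass))*)\s.*?-ofile\s+(?P<out>\S+)", re.I),
    # a -pass build launched with its 32-hex runtime password
    "lockbit_pass_gate": re.compile(r"\s-pass\s+(?P<pw>[0-9a-f]{32})\s*$", re.I),
    # short-lived helper dropped as %ProgramData%\<hex>.tmp and executed
    "programdata_tmp_exec": re.compile(
        r'^"?C:\\ProgramData\\(?P<name>[0-9A-F]{1,4})\.tmp"?\s*$', re.I),
    # the same helper removed through cmd /C DEL ... >> NUL
    "tmp_self_delete": re.compile(
        r'cmd\.exe"?\s+/C\s+DEL\s+/F\s+/Q\s+C:\\PROGRA~3\\(?P<name>[0-9A-F]{1,4})\.tmp\s+>>\s*NUL', re.I),
    # ransom note <id>.README.txt opened in Notepad
    "ransom_note_opened": re.compile(r'NOTEPAD\.EXE"?\s+(?P<note>\S+\.README\.txt)\s*$', re.I),
}


def classify(cmdline: str) -> list[dict]:
    """Return one hit per matching rule, carrying the rule's named groups."""
    hits = []
    for name, rx in RULES.items():
        m = rx.search(cmdline)
        if m:
            hits.append({"rule": name, **m.groupdict()})
    return hits


def triage(cmdlines) -> dict:
    """Aggregate hits and correlate each .tmp drop with its later deletion."""
    counts = Counter()
    payloads, notes = [], []
    dropped, deleted, passwords = set(), set(), set()
    for line in cmdlines:
        for hit in classify(line):
            rule = hit["rule"]
            counts[rule] += 1
            if rule == "lockbit_builder":
                payloads.append((hit["out"].rsplit("\\", 1)[-1], hit["kind"], "-pass" in hit["flags"]))
            elif rule == "lockbit_pass_gate":
                passwords.add(hit["pw"].lower())
            elif rule == "programdata_tmp_exec":
                dropped.add(hit["name"].upper())
            elif rule == "tmp_self_delete":
                deleted.add(hit["name"].upper())
            elif rule == "ransom_note_opened":
                notes.append(hit["note"])
    self_deleted = sorted(dropped & deleted)
    if counts["lockbit_builder"] and (self_deleted or notes):
        verdict = "lockbit3_builder_and_detonation"
    elif counts["lockbit_builder"]:
        verdict = "lockbit3_builder_only"
    else:
        verdict = "no_lockbit_indicators"
    return {
        "counts": dict(counts),
        "payloads": payloads,           # (output name, enc|dec, password-gated)
        "passwords": sorted(passwords),
        "self_deleted_droppers": self_deleted,
        "ransom_notes": notes,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_CMDLINES).items():
        print(f"{key}: {value}")
```

Run against the sample, the verdict is lockbit3_builder_and_detonation: four builder invocations, one password-gated payload launched with its password, the 6B7.tmp helper both executed and deleted, and one ransom note opened. The Edge line produces no hits, which is the behaviour you want from rules keyed on the builder's argument grammar rather than on file names alone.
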
Network

Country Destination Domain Proto
US 8.8.8.8:53 vx-underground.org udp
US 104.18.7.192:80 vx-underground.org tcp
US 104.18.7.192:80 vx-underground.org tcp
US 104.18.7.192:443 vx-underground.org tcp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 209.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 192.7.18.104.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 104.18.7.192:443 vx-underground.org tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 samples.vx-underground.org udp
US 8.8.8.8:53 91.65.42.20.in-addr.arpa udp
US 8.8.8.8:53 69.242.123.52.in-addr.arpa udp
GB 92.123.128.181:443 www.bing.com tcp
US 8.8.8.8:53 181.128.123.92.in-addr.arpa udp
GB 92.123.128.181:443 www.bing.com udp
US 8.8.8.8:53 vx-underground.org udp
US 104.18.7.192:443 vx-underground.org tcp
US 104.18.7.192:443 vx-underground.org tcp
N/A 127.0.0.1:52353 tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 54.218.225.239:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 239.225.218.54.in-addr.arpa udp
N/A 127.0.0.1:52359 tcp
US 8.8.8.8:53 i.ibb.co udp
FR 162.19.58.160:443 i.ibb.co tcp
US 8.8.8.8:53 i.ibb.co udp
US 8.8.8.8:53 i.ibb.co udp
US 8.8.8.8:53 160.58.19.162.in-addr.arpa udp
US 8.8.8.8:53 simgbb.com udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 104.21.4.104:443 simgbb.com tcp
US 8.8.8.8:53 simgbb.com udp
US 8.8.8.8:53 simgbb.com udp
US 8.8.8.8:53 104.4.21.104.in-addr.arpa udp
US 104.21.4.104:443 simgbb.com udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 google.com udp
GB 216.58.201.110:80 google.com tcp
US 8.8.8.8:53 1.112.95.208.in-addr.arpa udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
GB 92.123.128.169:443 www.bing.com udp
US 8.8.8.8:53 169.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 vx-underground.org udp
US 104.18.6.192:443 vx-underground.org tcp
US 8.8.8.8:53 192.6.18.104.in-addr.arpa udp
US 104.18.6.192:443 vx-underground.org tcp
US 8.8.8.8:53 samples.vx-underground.org udp
US 8.8.8.8:53 46.28.109.52.in-addr.arpa udp
US 8.8.8.8:53 8.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 18.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 10.73.50.20.in-addr.arpa udp
GB 92.123.128.161:443 www.bing.com udp
GB 92.123.128.161:443 www.bing.com tcp
US 8.8.8.8:53 161.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 lockbitapt.uz udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 lockbitapt.uz udp
US 8.8.8.8:53 lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly udp
US 209.141.39.59:80 lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly tcp
US 209.141.39.59:80 lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly tcp
US 209.141.39.59:80 lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly tcp
US 8.8.8.8:53 59.39.141.209.in-addr.arpa udp
US 8.8.8.8:53 lockbitapt2d73krlbewgv27tquljgxr33xbwwsp6rkyieto7u4ncead.onion.ly udp
US 209.141.39.59:80 lockbitapt2d73krlbewgv27tquljgxr33xbwwsp6rkyieto7u4ncead.onion.ly tcp
US 209.141.39.59:80 lockbitapt2d73krlbewgv27tquljgxr33xbwwsp6rkyieto7u4ncead.onion.ly tcp
US 8.8.8.8:53 lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly udp
US 209.141.39.59:80 lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly tcp
US 209.141.39.59:80 lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly tcp
US 209.141.39.59:80 lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly tcp
US 8.8.8.8:53 onion.ly udp
US 209.141.39.59:80 onion.ly tcp
US 209.141.39.59:80 onion.ly tcp
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
US 104.18.10.207:443 maxcdn.bootstrapcdn.com tcp
US 8.8.8.8:53 simplesharebuttons.com udp
US 162.243.82.235:443 simplesharebuttons.com tcp
US 162.243.82.235:443 simplesharebuttons.com tcp
US 162.243.82.235:443 simplesharebuttons.com tcp
US 162.243.82.235:443 simplesharebuttons.com tcp
US 8.8.8.8:53 darkfailenbsdla5mal2mxn2uz66od5vtzd5qozslagrfzachha3f3id.onion.ly udp
US 8.8.8.8:53 it7otdanqu7ktntxzm427cba6i53w6wlanlh23v5i3siqmos47pzhvyd.onion.ly udp
US 8.8.8.8:53 papyrefb3jewa7fdbakdomx2pj576w7u25fk3kjk6gyyuofz5awcu4id.onion.ly udp
US 8.8.8.8:53 raptora2y6r3bxmjcd3xglr3tcakc6ezq3omyzbnvwahhpi27l3w4yad.onion.ly udp
US 8.8.8.8:53 reddit.com udp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 vkontakte.ru udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.tor2web.org udp
US 8.8.8.8:53 www.torproject.org udp
US 8.8.8.8:53 zqktlwiuavvvqqt4ybvgvi7tyo4hjl5xgfuvpdf6otjiycgwqbym2qad.onion.ly udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 207.10.18.104.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 232.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 235.82.243.162.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly udp
US 209.141.39.59:80 lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly tcp
US 209.141.39.59:80 lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly tcp
US 209.141.39.59:80 lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly tcp
US 209.141.39.59:80 lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6fbbaffc5a50295d007ab405b0885ab5
SHA1 518e87df81db1dded184c3e4e3f129cca15baba1
SHA256 b9cde79357b550b171f70630fa94754ca2dcd6228b94f311aefe2a7f1ccfc7b6
SHA512 011c69bf56eb40e7ac5d201c1a0542878d9b32495e94d28c2f3b480772aa541bfd492a9959957d71e66f27b3e8b1a3c13b91f4a21756a9b8263281fd509c007b

\??\pipe\LOCAL\crashpad_4628_WOXATMKWQGOSUEAH

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 360dd5debf8bf7b89c4d88d29e38446c
SHA1 65afff8c78aeb12c577a523cb77cd58d401b0f82
SHA256 3d9debe659077c04b288107244a22f1b315bcf7495bee75151a9077e71b41eef
SHA512 0ee5b81f0acc82befa24a4438f2ca417ae6fac43fa8c7f264b83b4c792b1bb8d4cecb94c6cbd6facc120dc10d7e4d67e014cdb6b4db83b1a1b60144bb78f7542

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b8bed3253d25eb224d00e88052403a14
SHA1 7dee1c35d05083890f1fdb978fd52a75a191d1cb
SHA256 dd1a784d4618d9d3b73d0c7061e8e23cfda0c45d965ebf1f925542abc768587a
SHA512 7cd04aab4af6476fd35209745f05e1a4c0ea22e5b3537f2b28c11580b78f514cda16fd7a79674ae5adc4c4f2076bbb002c70f718b1a6c88222c350251e4fef92

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 363b852a2019ac44e0c209ad9f2992a0
SHA1 fa253693df757183903581c82872f583adc54e6b
SHA256 eff932a1759bbf870eeeddcf5100fd2b2e3b440d687388686a2e1f7797c2278c
SHA512 65830319a4c99ff85388f6795d7bb10062bb5c413c8ff95442929d4b29ca4154963ea29052a622da97fef556a74dfceec3aecd844339592b67bbc1bee5d13f97

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7d2d1a780e3b06d24a0084bff1b46a7f
SHA1 7927bb7fd55c1ed3c67fb8dacfccd042932d2266
SHA256 b7fa419cb9dfdd7812dce376f382d5adb16ed997ff6c948a02292286d7e87ee5
SHA512 76481062739faf92a976370d7ed44169fcd4403efcac08b6342d2b106caeb4c2db565753107d2642afec49d81a90dc0cc76e8a2e08775bc2c5634399d627e132

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2722e39db3eb3dc5431963cdee7171aa
SHA1 b2d0da6965b275c569f493bc778a035f78dabcd2
SHA256 be3f7118c89b57725ea6f9815ad0b54e3d5534a8b1b7711b2f133528e69ebdb6
SHA512 cb5b89ad936312a921eacc850404d5a8d69ad4c84c69e78f1546801c398b7c15302e7c6682f42ceca7fc2bf7fe0dc1608cd909d569b226ef4949cf8d0692bd07

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3195367cbe610e3da6541bd589ec9aa6
SHA1 9c44bfb7e979a4a349369beae9a17afe68c55d2b
SHA256 4576a061aadd309315e962b058613729efd2c47542416d85ae93be7c233dfaa0
SHA512 bfc8c2011dfa7aa37e4ff27f74b3e51a70ac5e9029deff61958e70b8abe457069c826936832d35b560d71fa8eeb49af93b9c8886e2114fca25a6d3978c0c56ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 91d86cb594665980d2bad021d0e0a3c7
SHA1 c96a2fc7e9d8a712fe740d1e66550122281695a7
SHA256 2f5a6d0d598cc105ee487391f3bb5a65adc60b819648804cd8855dc4eb666cea
SHA512 5897fee800133a8832e288979a4a13b61e329811e03a4d978bd50f98f4a39bf0400e1f708e2b497230ff463c1a10b848f46284599d7a64b98ace47d0ba30613b

C:\Users\Admin\Downloads\Redline Stealer Builder (Modified Variant).7z

MD5 f0ce60b7fa43a580e6bc2ceb1b4677e8
SHA1 14614ec143f792e22ad192c214ce4e7ecc97eef5
SHA256 ec7e312cc3794b8a5a9838a48bce5102d4b88b09b80b524dc7ca3bb164a9e352
SHA512 5e8013bec72c1640837736f6c77cca3fcb4923f4c43b7931a86ee01d18ef05406a50a5d8a4ad35afafa48e9bedafe0abaa6fdbe54f6e3f89b7a16c4bb6b96b58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 382c9a3eb874d0aa7ec4322d5db2b98d
SHA1 6d2244ea5b2b8b484fa99db5ba89ad2e71552a31
SHA256 fbe6bd6ae1e1e80eb687f51cf9b6029a8f900df617da90965a7d11b60c6500a3
SHA512 44e5226478e7dfb5ee442cd500b06592a192656feea8c63cc3564b481b330c1cdb04230820f6b12cf8c24f99731f489e1813d3ac3139d61ebc56b31335ee92ec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 49ed3d10a7172e15b0a5c32b764eedab
SHA1 fc6147f89cba9aec285809012bcb02679e1b88ac
SHA256 a3fd52ef9898afb958a71388558424b4ba7fc8bfa95d9186767bb4657695df4a
SHA512 064ae13832887923737bd6078931b92c8780f0078a10ae1c6ada496abfd01087f7ac5dd9f9783ae1f760598438ea70b50fc087397423ec33a334a42acb048af1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 25b56d3af472473f550fd3b303bc75bc
SHA1 6ef2c1c4f7ad45c921e090b9b5ff7c04da176d4e
SHA256 b84174b311f9129a11d693335a16f94b34c7a0bc3dac0dd293b03cac3e3582f0
SHA512 bae146b322f56ddd3a811f0d8c06ade4ddb1ed82b1a8c0788b26c4b2588ef621c3eac078c962c19171887a22b11f2f56653c6784ff81b41908f9b4d17bdcfd73

C:\Users\Admin\Desktop\RedLine_Clipper_Cracked.exe

MD5 c45dd3b001aac16046e56cc0bed3c77c
SHA1 bd295f2699d32902a71b0480e0dc9b82ba6ea155
SHA256 d3ccc70fe10b2804c6d7978579645b0a04a0f7ad1f15776aefadc3f635156520
SHA512 bfdaf14c0f953a68948c6114014a3dfae12a6d3237b815ad2df08f48ffd90602b712d6131aab24c7c0a5ad49007ef958004291b68fe7140dc4cc8fb4fe94f9b5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

MD5 838a7b32aefb618130392bc7d006aa2e
SHA1 5159e0f18c9e68f0e75e2239875aa994847b8290
SHA256 ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
SHA512 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

MD5 a6b40b9a18b7db4d4f107d040dc9a0c1
SHA1 800f3710a72c56f7491fd695a656ccc9a09e1dd9
SHA256 266da85bf6c21e4562e5abe58e7217ab034ee8d4cf07a57dae6382999be8b557
SHA512 3c1e9ff9ebd514e152bcffa90ac02e47b8403694e7f0f2503f873d56cd33dbd94a7b7d4a47776da7e5e66ed745827dd9c1d7b27f987065086b5f13f995bcbcc3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

MD5 314834a2c10d79fb797bb67b4b9d9b26
SHA1 428de6e316ef8d09516bd4025c0d1515c2ae51c0
SHA256 2438b42c4fe4010690fd24f5ccf5e58cb107c719a58de370e7caeb873765e064
SHA512 04ee9ac06bbfb81d87a4e5aeb569d90af15225c7901a1d08af57a6a129331f61d23961586918c9f9dbc44d356ab7b6f9a579f339e221a80f633ca162d146ed24

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

MD5 f8065a67e7e7b5de8831bdf593fd1f92
SHA1 a8bbcc6834487f6e70ca73a8e3d75a76c04e1f97
SHA256 20ccbe37894ef7437e57512d6b5658e73962cf017eb155ac7f1775883dd6f862
SHA512 9aeae7845abb3ae347dd05e1e5d4e0da0e27d0896cb9a7ef120dfabda3d7492bc668b4cbe0314a278c29614787f1afe6def7b0bb19950e66bb8d7f41440a642f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

MD5 5b5c06542e384cc6b293d11860874ae3
SHA1 cbf40ac75d3d843d4ecf760d4d6bddf7d66c8e2a
SHA256 fc3927092ae90473c5d346598f39d6a6b1c26e8d69df997fbd39fe043f7bbf1c
SHA512 76a4bb8895cfc8359724944df208b0a1128a16762a394ed40d0f69fa6f6783d1dcf9fade2fbfdf389598a55c863faea79a0f19b9123496c450891128a8886d37

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13353322355197119

MD5 b6ea68c1e065b98bf78570f6340a212d
SHA1 64bd62a50a4155b04e0bcddcc5c5e9512caa6ca7
SHA256 89843d37e34a1068aec416bd3f5ed9151e65985992fa12a744ed294edcb5f4af
SHA512 26ca94fc170a50e064979b068cf9253c38e3766637608256bca6fe7d9157b60ac022733310e6c6eb6d092ffc391ef9ab435784b8e16029a30688d5cb6d90ed67

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

MD5 9b634e811c8e92c59f6e14910290c0c4
SHA1 0955a54a61050129e90358d3342eb294b23fcebc
SHA256 5a084a47b2b43ded2d2c23637de27163f71fa846efb9c3b552c01d54274a6715
SHA512 ccbc54d2cce1cb77226b0ff9dc77feddf5fd1bfe80fb5c64d957d2f94f185c65f105d4d9d5b4614d077b223dca56aa26a37d49b0a56a8b931842f77ec1d97ef0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

MD5 536c8ee952c61d9623ae91343bf4e514
SHA1 5a43882c037abd84a039c55df2e4466a7d94ed73
SHA256 36dccb2845e77a0f39cb3a0c94493895a650cbf4306ad505fb233ef8b99f1495
SHA512 754f4732d334b5388cf2ace54152be097a62b28455d076e6aae3ed59d7c4128f39d1eaacf5f0ab25eb8f388e58c2c5b709c846fd369924d87e92c39d97e73eba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

MD5 0211bb99a4630e5ed6c92f22eba3a590
SHA1 1a9dabcd4627c670f1269cad3a09ffed2888f92d
SHA256 dc4a43d422a0b68ab99425104034e0d54a5f1965f61497d806f39dc31df6bfa2
SHA512 5896d9f29b6bfd3e29a63138ca6621898a873c805de236a4b1a8bee148f64400ad6da367981e25731372918ad4ca50ffa5b4db7213ce4b499ac5d3b57dd47af9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

MD5 f76b98d7b768981e8a75c0ab148bc9f6
SHA1 e81e52123da75ba882b91a19dbb9534739720ece
SHA256 0df2972deb65eddab0b622b228625bc17324367b316ac93f70ab308d9020ac6a
SHA512 7acb8a61c1d59a2703831689fb4d0bf3ed28ca1f9bbff1f564da6686afe6ef72dd3602f32988929fabffbcb5a8d8143dec8cd08a7af64f3aba3e86d8b622e703

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

MD5 9847259efb57c363dbc8c86c180b3ec5
SHA1 2edcc4f5b9f84baa3fac18cf5b7167b739268405
SHA256 02b9f3d3478315215ade5b8167b1d2e368f12d868b24a0f45b3ca80445c90099
SHA512 6f7a8bcebf5d09f964757c28ce2fd44607045df5e448a1b845975a948544920f7cbfad5f7fbe502d594a8107750a5fddeeecb72712cbe038f3b1808bd5ddd0c7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

MD5 8b333d89ab92a626d47126cafc81716e
SHA1 b7710568591906ff196d99f53f237b8f88deed0a
SHA256 c8e98d683973d01f68c66438c9083a9d2ff6f745a5e32fe01433d992c73271e8
SHA512 3f0e66c1a6e0db126093aec4e664c8c04b622e49fea011a124b22284ce45106188386ae8af952ae2c7a7d9e8219ee5352250ed9b1a04c49f4e340b9c3d87e84d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

MD5 723e57efd69bc525c7fb728b87ace12c
SHA1 8d8d156abdf7224e3e20936404f3932938a6523b
SHA256 e44bc092e8fd328029bb70055cb5d558b813e32093f4c65450791afaea527b20
SHA512 2f87576691fb94bd6c2ee736793b6b17856b37679c9c05fca7343587744f4a58bfcaceeb02b90ba303f08b18feeb1c80e7068511c0aef6d0d1404c69257f101c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c1c37eebf0b157f7082d146a8ba5e83b
SHA1 3bdc3e3bf900690698d2485689fc9f2c59380482
SHA256 4955a726b8cb96bd9262c06eb6db9845241d65711937118f905e0e0fb9270413
SHA512 d79e5dc8944ee2ea127fe02bc38487549ff1007e9f8d70f133cd15e4c62166799ada8b0bd8120e2692f695f5abe44d938fa143e2ee93fc4bf912ce984aba1c6d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

MD5 ccd15e640202acdcf67917cca0e5e718
SHA1 967771403403120296385063797b7bf0a83aa730
SHA256 0724450735e8e7f0f0294a5154c11e506e0756584061166a146e963be6611f56
SHA512 97c2f1a1bcde36449f6dc7c28831ee3972348e38883788cac3aed54872f79c24b091bb3723ceae30d4445921ccfb0d5bb7d5455b9b84b6cb3b3a1b54b8efebd3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

MD5 170b8ceea207e4fc9dc338c60f369fb8
SHA1 37a49a6389f4a602040d1cf99d21c3bc51e2a5db
SHA256 4b0b2223be5e54f5b8aebebe5af0a378a61d24580c2a99abd8d0ed4ebab4d677
SHA512 f3bd59ee5d2a24c29d52f8a2c6aae34fa56d6c61298718466fcc56595d688f5b7fc8e291ab232feac348f4456af863fcf0ccd17b4769beae74e1ed91ef4a3d49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

MD5 c9d04f5697f75b3f30c36ec7691b8389
SHA1 e138d6afeb8e88df02d0487470621478dca7cce9
SHA256 8e6931d82090fcfa59d0ebd4f65a4db318f3374e8d0cfb8eaea2fa069623285d
SHA512 df64fb50eaba0220dcd9f116a6d2e11ca1432e7d10815473e2a733958f6585ef3c3a1bf9cf07cb64c9c15abaa36f16edf49063cdefc45d54103c463254a703ad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

MD5 4cca63b6cdffe3d01f818cedb2fbeb72
SHA1 6fbb2624f05d4e5e5f838bad6b0a2b287294e0af
SHA256 15d4a7dc6fdb6859c049d463d3115314fcf67d4e124a1847ff88a8370a09ce94
SHA512 d9c28139ebe06d6e22387562680506efd1b5bdf0fd7633263456a731c48ffeb46843df51d116a9bbf6ce03caaee9626c3864d912fe0291f654aefea62618ed23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

MD5 7a6c15d456fae3fba52494b8ca688ff1
SHA1 cd0c964edb8663e044ad79e349f7bda9f1c1f510
SHA256 c3aabde6ccb979b80b8a82b24c190b3461661356d15826f09897c90824dabf81
SHA512 28e5ace42996aad3e69725f4c6f30a1d271f555b523bb0c7c84139f4cec7f8d12d17663e52b96bf5e4f43329b18018371b45fb40729dee2413f42209055c1c4e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

MD5 979e456ef9c6002cd7f8f82652157502
SHA1 f2be47351c0080d8f8111a69a0d1e6be8be54dfa
SHA256 663cc5e76a17df1dc5339c21efd5b64b0faee586ee5fc4aa0c47184d6ad9fc7d
SHA512 db1ddc3245edd22ddf5869240100c54d1868855a262bf317655e0014bfdfab2f6a0969173a95894609765820efa7729f73202d0defa17bf5e9a7360eb35fdd59

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

MD5 4ebb99d99be56e1989dcb4d1b8b415b1
SHA1 e435de21854b053b4f7bc25461def3b2d4725440
SHA256 d9764e5ce3643f4d9136a52bfbaae090291c2286d9ed3f799aaec1bd60f58e36
SHA512 1a79f213e208f23f3bcd8f3a5bd30407da254c761bc29f147f7611b2e8661325723fabe74bcdcc623a0b5dc47e469030de1a5dc0338fc1c4c199e580811b9687

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

MD5 090c1c8a83d366a46d25e7ac9f43b2d3
SHA1 3d5175cd7d9ac0632e874905aa0a72cd8161d7a8
SHA256 dab0a5e1516a496a7e7124b03e466abe6405fb99c3ca5ef3bceccfd1e4349a70
SHA512 a87493eefe6b8b80a3f9fe14ed1b5655c8d4f296e6f80ebcfd1c50c721d1ddf9ab658f04f651538f325873e49d598ed3c15301613f93af45b116e76b13eb3101

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

MD5 ce27bc9f663d135f7b80f646c861321e
SHA1 91b6abb61807205952a23ec9e479f4677d444f10
SHA256 cfae2de0427784dbb1eae8da4968e399101b514b4a78c9d950b3527b9a07b895
SHA512 ea2f252d9c98d339f67ebf35bf349d8938a918a8bbb2f2493cf9065519c34eff29e55d0668efdf23098e98170ce38f62f4e85fbe0cb570557f4cf02a307946ae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

MD5 e87b490d6226190c8568be0284f2fbee
SHA1 2fe2e4f2d2a4610aec4a77b1e7f228e059139a5c
SHA256 da8f4b2a555a9489409229f9f05d5c73e6bafb89a7c1c6eb60b81207de42f7d8
SHA512 0e7485050c1853107b28f44ed0d405de9147c5d9ffd557214f36dc9a93e6b25e9f8d76f2321548b33c4bb94a9c73d33dc9c358c40ff854fbb21c20021214169e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

MD5 7f29f1a6e27720b22da4c4804a4f2875
SHA1 4274094f733609284c1ec5f53ca03be5568743b5
SHA256 be0f685b8ab5c2a2295aa91a300816c3f377675b3632de42987482aa9e811a41
SHA512 0ec6e267eeb848a92c603b8863b50bdd7cfa5385bc592bb30e0df87fc59a8bfe0e50546108f1fde8da8cf3b3da35420cb20845de02ae6b26bc98daf4cbb770d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

MD5 46e59a64d56bdbf92796ee31f82b7282
SHA1 ff39da0d15b23e9b39eb0a06b3012eefdae838d6
SHA256 5e5f3dc86b88875ac4326956e879693bd060b5d039e91e6e12a893f839b1c02d
SHA512 b0ef04dfb1231754d87d13477fe914a5afb01059023140a380989863c5b9deb7ae89d92196aac12327b7c6ae501f8c7dd71bdd546bde835c53c568b2afd58143

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d00c5ce3d53885119e3e9b0d1f27f741
SHA1 2615d7910dfc3bb365fa7c259727dba9a97fd9c4
SHA256 a2bd06528f04d4cdfd3903afd677dc71f1bcd801f61569bf3706426b92cdbc27
SHA512 0d525479803f0f53ca298f2d22f7b00ad73a904405de6d937591c9941d963b08a346754599b1d7b3783060a377069209285127fef4e2193e673a8a233f535d8b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

MD5 aed7a9210314c76c7f8acffd8304683e
SHA1 cd1372af027028beea38ff7bbe150f1f9cb8fb24
SHA256 ae3109d0bcb40d90b49bf514aacdbf30df819ea5647904540f1c63c4ae85ae80
SHA512 1883a51b4dc59512b71db3ad5c8bdcc2a6b50df990d1a57076adaf0d59800e42759863bb66693ed6d91a45f670aac0118fd8dba804f2eeced64c92a81381a2ac

C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

MD5 7b914d1396944d64bdf4ffdb7d84a590
SHA1 b41f5b267d643444da6653bb6d0a9be01508a85f
SHA256 8cfcc27bc68b79864e71bfd28e0f5f7dfbe91a0b08a1c69294b5c38a39883b9f
SHA512 4a6271df832e9ed4e782e70db7a0352c4997739d575f92a776fb617bcf8827c3abf149779fb4f25cd37acaa2d2b5f4fe7f63a3a174e857ee25e156731c35523e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

MD5 d719fcbf755ef34d1b6d6f2bfe229e5c
SHA1 1b73e7b712033dd58f5514055ba6c67b5ca7aef7
SHA256 bda104ad4d155b1afe3265344019707e9928fdd68a5a5b5376d72475a7b550b0
SHA512 4395b3e4f6a7f638f2dbcf7ffb91a079709ad26b2267753aa7df8fb58e7af704a533f74cb3383614543889beab8c094edc9e9b6eb42ce3d2c0e84ddcb75279c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

MD5 5dd87753c6daca1fd8d57570d6b80d52
SHA1 dc0007e7328321c8cbb2a59811ad74ed1cabbbe4
SHA256 cfc8e89fd84e9d8a01a6242c4bb96019097c880b4e7db23529557619cd2bd18e
SHA512 7908c1f1756ed4c69fc0ef17d7d56a2cfc5526ee7247365307e7c69515765325efccc46c82927236432fc8995553c1bbef6ded35f29fe12f91427f2d373ace78

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13353322354754119

MD5 3484f413b4a1aa346274e96496e6fc44
SHA1 085efa8d89a534fe8b43f393c526d62a8b143c26
SHA256 d2ddc95e9e02a398a2fb751c2574ee6b126524c3b89f8a5062459b3cec67d2fb
SHA512 876cc78f90cbc4ef8a1c2e80bb4336f32762c760b17f1435c89a9fc1d947e209b954401ab5e98785ea73d667bb88c2e3d334d9c5a5ab154c26f33495bbc9435a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

MD5 284ff8723bff20a4e4be9faac7110e5f
SHA1 33f112048c9df4f5de03cd1914db460f5c2b427d
SHA256 664887aaad54f3b9f54708282c3a7f8d2c8ed5b481ec1184b50f616a87112212
SHA512 81f42f1d8628632bd7f1f0bad3a3016c06b44c2a67d433e0cb4045ab56508c81129ac20061f0b7255258eaf12b0ad33a59514e04bb4e0beef758c6edee7d6579

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1a6066384134e552_0

MD5 2788b0911411cbe24a19031b6a2d89f4
SHA1 29f8cee95a164a56bdf828bba9ca427fe3871297
SHA256 209cc2172b98fc12f84744be8fa3c32528e9bd4199029251df0fe6b446a9885d
SHA512 6964d0a6c76326cf4369318f08093769dec98f0bd9227c445e018822b83a4efed6a1dfd323e93fca7e798884660e0a80747bd438807ba9dc6119d6e799ec7509

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

MD5 65df57b2419a13c5461b80e9671b50e1
SHA1 6e1964f780095e52757cbe0c44e3bf8f9ecc6eff
SHA256 0a2f751504c4aece09520750e9844fcc3ab33c7a00938fbf543d4db8ba14934e
SHA512 00e8e25f4b85462dbb5e75cab589e0095906ad94f9921b01e1a3b0c9f623fa82074c3451c2d38adfb4b92aa1c1eb0b9c66a9915a9db357511c37dcd49c0072c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 89cde42b714f976c011e339b56a2a808
SHA1 440bf90ae28c7ceb55d1b455cd249f82acb6c00b
SHA256 accf2a3f137bafdc54d1edf09b6606c9094f9a98d18971229ec7c056491acf61
SHA512 e29e4012f390a6bb39de88ff846297ed01d4ff83d2980569d46698cf22fd59c28f212378a3c08a2fa9728956b2ad7f82207e2bec8ab2b96c7fe38de662bd99d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\Downloads\AbStealer Builder.7z

MD5 edd911eb6f5a540b93a1fbc3fa5972bd
SHA1 722802ebb60acf876d723e10423a432bc1a2d216
SHA256 b9d5b9e6591f359bac9f4983a4feeb555d3d59f94ba22f6fa5874424ef6a4790
SHA512 d61137ac50806a8925f043d196b2e750b07d7bec59f4871b860731cfe4f24dc1a1aa39347711581a32937f481be81f7ab3768f876f6d488ea449e390d1d35b98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e5e5de35325e974e36ba41c3d5aad904
SHA1 d7afc23350ad1566db1b1d4929cd9a3b38064206
SHA256 46dcd9988b39ed242d6fff2569c274cf33f1f5da0c1715f721c2a00f2924573e
SHA512 2e974abf7d2d61edf43554fb25e97f58996a212e84647ee42800a647be65f548245db24eb2709f16f13eb9912324236e7f01db00a15974b0d5ab679815bc6fb8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6d4c6413d2946b0becdd23a6406a96f2
SHA1 4696da9918af076ff6b11b493b664ae0817dd9b2
SHA256 44f7ce12726ce1640a504043198887c0e20a67e873010036ec906bc5a994a4f8
SHA512 bc0ee5961ee9c0e84fad80525490062ea14d80e6fdf33faa73af8984f141772c6c1a01a2dfd3206bce55741a133d2978706023ce1de79605613265d52eee2419

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3df4601175458fc90c45607e6c5d7354
SHA1 4bc4e2826d77ebfd34075d7afe7d4351e4db3993
SHA256 aebd60b786b1fd071f43938291e5399af2e8fa4fd31803c588e5ced22810fa0a
SHA512 c127f23fb1abcf5c40c415275f9782101e6ce2892d50ffdeca6e43150ed7943167318ccf445079d401033124811964382016e7f0d610122f02e31ea64e977e69

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 82d902abb3d2e3e8873fafbb8765e8dc
SHA1 3301c421970859074dc7402611e6042b56259d82
SHA256 f1119382f7bcaf4955d9453e48ccb624b0e98c2d0b7823df448ab70a5ef1cbf8
SHA512 71be9dca6b683406890ebd47b6d3ea1234f00601c537e9ea459899b598098cdf5688179b01645b10c1cfd311456456456d4326c29f6a5a6237d4e2a190856b9c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bf28817e84c405d26c1edcef87c85bf0
SHA1 d8528abf808ad44d5a4acd67428caabc8565d4d7
SHA256 7766f6f0517685179bd3a6c2f92dad5aaaf5f157d8641dc69fbb4f7bf64bf7f9
SHA512 d28e83d569c6058adacf69ea9323bb5b72d46ce86a73299b18dbd4e429bf10995e23b923daae772d676be372b7ff215d0ab664e18f620ebf6ed3a0ccd5e9fb8f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 8344cbbf37fd98b267a26eed174441f0
SHA1 1f8a0be3e20d4182609be25a2add9d2d2dcc5e2b
SHA256 394a4c8daf2d5887ee607a909eb0e35ccf852178e9d2a438e74138491013d448
SHA512 c628e7b61adaff995a3b991ba06c53ae485cc9dae5d1cbda0613f591aa5336aef723991cede88cec941f65c15d166507015b37d5188a57853c8af9b4f7211e46

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

MD5 67124ea9953d00c4d82e05e996085243
SHA1 08c6066e94ad9938591fb63f64de366611f0571a
SHA256 7828b708739107248f2568675d1feef6e2043639a7aba30699fa92e31b836f3a
SHA512 3f9830f174193a80830f46f2cc5785d5e0082833d9ee878cb089717d4c92a54482189bbb6f401220280997d13f1dbd39db2d5ec4b4b02a52832a29e935b15039

memory/4568-568-0x00007FF83A950000-0x00007FF83B2F1000-memory.dmp

memory/4568-570-0x000000001BA60000-0x000000001BB06000-memory.dmp

memory/4568-569-0x00007FF83A950000-0x00007FF83B2F1000-memory.dmp

memory/4568-571-0x0000000001240000-0x0000000001250000-memory.dmp

memory/4568-572-0x000000001C030000-0x000000001C4FE000-memory.dmp

memory/4568-573-0x000000001C610000-0x000000001C6AC000-memory.dmp

memory/4568-574-0x0000000001640000-0x0000000001648000-memory.dmp

memory/4568-575-0x000000001C8C0000-0x000000001C90C000-memory.dmp

memory/4568-576-0x0000000001240000-0x0000000001250000-memory.dmp

memory/4568-577-0x00007FF83A950000-0x00007FF83B2F1000-memory.dmp

memory/4568-579-0x00007FF83A950000-0x00007FF83B2F1000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\datareporting\glean\db\data.safe.bin

MD5 37998035b43049833b2ae537957babd9
SHA1 1e2e5c99c6055572222a9c5acc966478eb6532fd
SHA256 db4847ae0171d8c0ccd2c31b1283c2e3d361ff1fd5ac41edf7a8e2e284d2874b
SHA512 1c77d5fdeeada9194bb48434a5c52a84db90a93f450f328d5d1f31b909232bc5ed3b0f6b23e57953d4aa6029c89396510b6651e885466c2635cf27a0715a2a5c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\datareporting\glean\pending_pings\68f02cda-d0a4-4a2d-8056-bc31936a3ba7

MD5 429b7818744ed86bb8974f5713bbd152
SHA1 95bddbbead82e2253242192d5f62f2bbff5b7e34
SHA256 7f6b05e7413df06adc09e289564defc63d776b82d6e3a8f615566b42c53c4a8e
SHA512 e0be6cebf4daca640e84e25f92bb07568be4d7af2682d307b654dd5bef2b65da25cb85624fe58e5c7c7c80684a35d99f558b886a7ca93f6653d779935a6b7de8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\datareporting\glean\pending_pings\a01038f9-d159-4b67-bc70-7810c843a54d

MD5 f9d8f71087efd6ef82f45d5b0e31eccf
SHA1 06b20c941e6a97b832f810132bcc5f5f3a2468d5
SHA256 16dcb6a6d2a5035fde6378706defd394bdc08d8fc9654e6a50f95ba1471709df
SHA512 d0ae4464ba95d15302226833e49eda4cc73e8131f7f8963cf4334989f9c4311b1db3bd07a7bd26cd7b346d9b22b9b853074a37429305aa4a210fced4960f02f6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\prefs-1.js

MD5 9efbc71fc48850f46b34158f54056ab4
SHA1 f4f498e501030e2170c5b3a88d32f09442b13f9d
SHA256 c30e2f19d1ddcf67a4918e4e1eea85f3b7cfd7ecd52454c8626760539fbbf81a
SHA512 7e955dc44b67d2ed4cf4ebb2bc9c2fdc19fde980196ce5f11d9980b78aeddbd8b3abcda4b3ac5647c63627f356017f596d56eb9564289e90452df260257c214a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\sessionstore-backups\recovery.jsonlz4

MD5 31d972e8886be4b394d1b7e4e96fc7ec
SHA1 f094c366dcf96b240cdeba70cbe30602e805e45c
SHA256 4d1fe06e55695e2810c7fad2ce24354a90e35a2e6261545c711d1501fb8cd4fd
SHA512 41bd6742663b861f33dc098763b89367855fc70fef10539b7c6562512d99b8770a1babc6ed9c2eafff5dd1a44e9857ef65ce492506a1eb25be7e0bd615580d7e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\sessionstore-backups\recovery.jsonlz4

MD5 c07609aa6af9f5160ddc711edeb47c98
SHA1 b3ff474f6f81561ac6384d4e3457f75ba22a30c6
SHA256 283e4b3219209acc2168ae0d368db1c5827668e85ab89587ed0da13706060120
SHA512 53dbe0ce62e653c445a89f90a09960989629f244c9f6528aac6b955eb75bee876914674bdd4fc9119ad9d7a31e4f4f047879b7e80c8249cf3531e6287c365911

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\prefs.js

MD5 3adef8b95fd219bb25b809eabebf7ef0
SHA1 e07f19ff4fc53211c05f888eaa6d2f8c5f613f79
SHA256 2788db2b3e361621ac2ca2c6c04bce25dd62eec9236cd8436ae53e5508d8a74e
SHA512 b1304b5eff4b0c6122d916667a2c2b214c977cd6affb90167ae55503b2713aa7c5fb09e93837d5b6dec4d362c17c008c7d9feaf245e07929f8481c58ef535fea

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\prefs-1.js

MD5 bf7e6eed3e0b0e3400338f7009655ba5
SHA1 50c9a4f06e7cdeaa94ad09034a0728c5c7d91b1a
SHA256 f2cb23863afe3665a4f74ab511c06d49fd0c90cb9575d559b01722d0fdfff715
SHA512 6b2fa658c53e245e499db3a9628af2bce0080d056a332c8da385bda4e3b05c054f2c9c9a0b783a0b51e917078bfd5b0edcf7833ea3a3a61e409414ec6f3d7f8d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\sessionstore.jsonlz4

MD5 8bac35d422cf5f088e9f213093ad408a
SHA1 2cfbdc76fba112031dc55097ef2a80fe8c085d46
SHA256 1e1ddf4bbe095a179908c965fcddd27f779911a57c3aa09cc4e21263004e3a26
SHA512 300a78dc7434691fbc98f6f3a20f331f563a18d2cab31b8410fc746730e446973e7ea2feb810f8f969ae9ea53f0eba75338784bbf917286a57d45e8056744f18

memory/3488-798-0x00007FF83A950000-0x00007FF83B2F1000-memory.dmp

memory/3488-799-0x0000000001510000-0x0000000001520000-memory.dmp

memory/3488-800-0x00007FF83A950000-0x00007FF83B2F1000-memory.dmp

memory/3488-801-0x0000000001510000-0x0000000001520000-memory.dmp

memory/3488-802-0x00007FF83A950000-0x00007FF83B2F1000-memory.dmp

memory/3488-803-0x0000000001510000-0x0000000001520000-memory.dmp

memory/3488-804-0x0000000001510000-0x0000000001520000-memory.dmp

memory/3488-805-0x00000000011A0000-0x00000000011F2000-memory.dmp

C:\Users\Admin\Desktop\Ab-Stealer-main\Mono.Cecil.dll

MD5 851ec9d84343fbd089520d420348a902
SHA1 f8e2a80130058e4db3cf569cf4297d07d05c93e0
SHA256 cdadc26c09f869e21053ee1a0acf3b2d11df8edd599fe9c377bd4d3ce1c9cda9
SHA512 5e1d1b953fda4a905749eff8c4133a164748ba08c4854348539d335cf53c873eae7c653807a2701bf307693a049ae6c523bd1497a8e659bdea0a71085a58a5f1

memory/3488-811-0x0000000001510000-0x0000000001520000-memory.dmp

memory/3488-812-0x00007FF83A950000-0x00007FF83B2F1000-memory.dmp

memory/3220-813-0x00007FF83A950000-0x00007FF83B2F1000-memory.dmp

memory/3220-814-0x00007FF83A950000-0x00007FF83B2F1000-memory.dmp

memory/3220-815-0x0000000001150000-0x0000000001160000-memory.dmp

memory/3220-816-0x0000000001150000-0x0000000001160000-memory.dmp

memory/3220-817-0x0000000001150000-0x0000000001160000-memory.dmp

memory/3220-818-0x0000000001150000-0x0000000001160000-memory.dmp

memory/3220-820-0x00007FF83A950000-0x00007FF83B2F1000-memory.dmp

memory/4972-821-0x00007FF83A950000-0x00007FF83B2F1000-memory.dmp

memory/4972-822-0x00007FF83A950000-0x00007FF83B2F1000-memory.dmp

memory/4972-823-0x0000000000BB0000-0x0000000000BC0000-memory.dmp

memory/4972-824-0x00007FF83A950000-0x00007FF83B2F1000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9459d61b-406f-41cc-9bfc-c01a06834d2c.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ce6e9ca59e5bb679fabf9e00d12ab34e
SHA1 126a3e00212a4297007a2937104a7e1e2f870866
SHA256 155c88a8a9b842b5849ac7f5c78eb37c1d38746324a7c35947787dfc3c8ae1bf
SHA512 b976a0fb35b6892abd53caca1c83600307df5ca283717f55002daa6a9a87e6545a0ee2f1f9b46e0694f4c8b9e98c14985314d61c277e731e061f5cc87b0c2add

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 04286854d29672850fe6083a0dcc644c
SHA1 9630860a8aa2b626c8944e273208bac6ac7a698a
SHA256 649dbfe8d7d8a7352973f51baabf57005572a0ccec96f2f44f6174b9aa8396db
SHA512 87f5b06bddfc5bb4c30f2356ee836e8cf4ced177dd7f4e5e6c49cd63ab579615419593f9697f5324e6c9edf3c54e09c962381c53eade158a6c6a90db8c91b7b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
