lockbit | 707bb3b958fbf4728d8a39b043e8df083e0fce1178dac60c0d984604ec23c881

Resubmissions

17-04-2024 10:53

240417-my9fhaeb8s 10

Analysis

max time kernel
1339s
max time network
2606s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17-04-2024 10:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LockBit-main.zip
Size

292KB
MD5

68309717a780fd8b4d1a1680874d3e12
SHA1

4cfe4f5bbd98fa7e966184e647910d675cdbda43
SHA256

707bb3b958fbf4728d8a39b043e8df083e0fce1178dac60c0d984604ec23c881
SHA512

e16de0338b1e1487803d37da66d16bc2f2644138615cbce648ae355f088912a04d1ce128a44797ff8c4dfc53c998058432052746c98c687670e4100194013149
SSDEEP

6144:n42LBVCsV+PkMeW9zTiY/NaQmHst5ySPzmcfIMwmafvR:n4EzwkMeWgY1NmyESPB1/aXR

Score

10^/10

lockbit ransomware spyware stealer

Malware Config

Signatures

Lockbit
Ransomware family with multiple variants released since late 2019.
ransomware lockbit

Rule to detect Lockbit 3.0 ransomware Windows payload 1 IoCs

resource	yara_rule
behavioral1/files/0x000b0000000233a9-900.dat	family_lockbit

Renames multiple (849) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000\Control Panel\International\Geo\Nation	7196.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000\Control Panel\International\Geo\Nation	2301.tmp

Executes dropped EXE 6 IoCs

pid	Process
704	Loader 3.0.exe
6080	7196.tmp
2724	LB3Decryptor.exe
3892	LB3Decryptor.exe
5244	2301.tmp
1460	LB3Decryptor.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops desktop.ini file(s) 3 IoCs

description	ioc	Process
File opened for modification	C:\$Recycle.Bin\S-1-5-21-2177723727-746291240-1644359950-1000\desktop.ini	Loader 3.0.exe
File opened for modification	C:\$Recycle.Bin\S-1-5-21-2177723727-746291240-1644359950-1000\desktop.ini	Loader 3.0.exe
File opened for modification	F:\$RECYCLE.BIN\S-1-5-21-2177723727-746291240-1644359950-1000\desktop.ini	Loader 3.0.exe

Drops file in System32 directory 8 IoCs

description	ioc	Process
File created	C:\Windows\system32\spool\PRINTERS\PP8d3ggi59m4fq01gra30idwmec.TMP	printfilterpipelinesvc.exe
File created	C:\Windows\system32\spool\PRINTERS\00003.SPL	splwow64.exe
File created	C:\Windows\system32\spool\PRINTERS\PPyo9pui65vwny_l19xbmbn8wfc.TMP	printfilterpipelinesvc.exe
File created	C:\Windows\system32\spool\PRINTERS\PPgoa0kf5iv5_mp8x14mdyunfo.TMP	printfilterpipelinesvc.exe
File created	C:\Windows\system32\spool\PRINTERS\PPj87klwz6aurats3z4c09xcw_d.TMP	printfilterpipelinesvc.exe
File created	C:\Windows\system32\spool\PRINTERS\00002.SPL	splwow64.exe
File created	C:\Windows\system32\spool\PRINTERS\PPwuoo4eotksy5fn3sqb2fb9lmb.TMP	printfilterpipelinesvc.exe
File created	C:\Windows\system32\spool\PRINTERS\PP0jsse037bit2h_lq0ybjk57jc.TMP	printfilterpipelinesvc.exe

Sets desktop wallpaper using registry 2 TTPs 6 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000\Control Panel\Desktop\Wallpaper = "C:\\ProgramData\\Jw5Jgl9mC.bmp"	Loader 3.0.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000\Control Panel\Desktop\WallPaper	LB3Decryptor.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000\Control Panel\Desktop\WallPaper = "C:\\ProgramData\\Jw5Jgl9mC.bmp"	Loader 3.0.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000\Control Panel\Desktop\Wallpaper = "C:\\ProgramData\\Jw5Jgl9mC.bmp"	Loader 3.0.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000\Control Panel\Desktop\WallPaper	LB3Decryptor.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000\Control Panel\Desktop\WallPaper = "C:\\ProgramData\\Jw5Jgl9mC.bmp"	Loader 3.0.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
6080	7196.tmp
5244	2301.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	ONENOTE.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	ONENOTE.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	ONENOTE.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	ONENOTE.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	ONENOTE.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	ONENOTE.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	ONENOTE.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	ONENOTE.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	ONENOTE.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	ONENOTE.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	ONENOTE.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	ONENOTE.EXE

Modifies Control Panel 4 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000\Control Panel\Desktop	Loader 3.0.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000\Control Panel\Desktop\WallpaperStyle = "10"	Loader 3.0.exe
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000\Control Panel\Desktop	LB3Decryptor.exe
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000\Control Panel\Desktop	LB3Decryptor.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133578253981478095"	chrome.exe

Modifies registry class 49 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.Jw5Jgl9mC	Loader 3.0.exe
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	firefox.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\.JW5JGL9MC	LB3Decryptor.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	firefox.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.Jw5Jgl9mC\ = "Jw5Jgl9mC"	Loader 3.0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Jw5Jgl9mC	Loader 3.0.exe
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\Shell	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	firefox.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\JW5JGL9MC	LB3Decryptor.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Jw5Jgl9mC	Loader 3.0.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\JW5JGL9MC	LB3Decryptor.exe
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "13"	firefox.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\JW5JGL9MC\DEFAULTICON	LB3Decryptor.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\Shell\SniffedFolderType = "Generic"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Jw5Jgl9mC\DefaultIcon	Loader 3.0.exe
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	firefox.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\JW5JGL9MC\DEFAULTICON	LB3Decryptor.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Jw5Jgl9mC\DefaultIcon\ = "C:\\ProgramData\\Jw5Jgl9mC.ico"	Loader 3.0.exe
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202020202	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	firefox.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\.JW5JGL9MC	LB3Decryptor.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202020202020202	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = ffffffff	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 01000000020000000300000000000000ffffffff	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000	firefox.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.Jw5Jgl9mC\ = "Jw5Jgl9mC"	Loader 3.0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Jw5Jgl9mC\DefaultIcon\ = "C:\\ProgramData\\Jw5Jgl9mC.ico"	Loader 3.0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.Jw5Jgl9mC	Loader 3.0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Jw5Jgl9mC\DefaultIcon	Loader 3.0.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\1.txt:Zone.Identifier	firefox.exe

Opens file in notepad (likely ransom note) 4 IoCs

ransomware

pid	Process
3236	NOTEPAD.EXE
1984	NOTEPAD.EXE
2908	NOTEPAD.EXE
5436	NOTEPAD.EXE

Suspicious behavior: AddClipboardFormatListener 4 IoCs

pid	Process
6032	ONENOTE.EXE
6032	ONENOTE.EXE
1060	ONENOTE.EXE
1060	ONENOTE.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4796	chrome.exe
4796	chrome.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe
704	Loader 3.0.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3892	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe

Suspicious behavior: RenamesItself 4 IoCs

pid	Process
704	Loader 3.0.exe
3892	LB3Decryptor.exe
3084	Loader 3.0.exe
1460	LB3Decryptor.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4404	firefox.exe
Token: SeDebugPrivilege	4404	firefox.exe
Token: SeDebugPrivilege	4404	firefox.exe
Token: SeDebugPrivilege	4404	firefox.exe
Token: SeDebugPrivilege	4404	firefox.exe
Token: SeDebugPrivilege	4404	firefox.exe
Token: SeDebugPrivilege	4404	firefox.exe
Token: SeDebugPrivilege	4404	firefox.exe
Token: SeRestorePrivilege	3056	7zFM.exe
Token: 35	3056	7zFM.exe
Token: SeRestorePrivilege	5020	7zG.exe
Token: 35	5020	7zG.exe
Token: SeSecurityPrivilege	5020	7zG.exe
Token: SeSecurityPrivilege	5020	7zG.exe
Token: SeDebugPrivilege	4404	firefox.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeDebugPrivilege	4404	firefox.exe
Token: SeDebugPrivilege	4404	firefox.exe
Token: SeDebugPrivilege	4404	firefox.exe
Token: SeDebugPrivilege	4404	firefox.exe
Token: SeDebugPrivilege	4404	firefox.exe
Token: SeDebugPrivilege	4404	firefox.exe
Token: SeDebugPrivilege	4404	firefox.exe
Token: SeDebugPrivilege	4404	firefox.exe
Token: SeDebugPrivilege	4404	firefox.exe
Token: SeDebugPrivilege	4404	firefox.exe
Token: SeDebugPrivilege	4404	firefox.exe
Token: SeDebugPrivilege	4404	firefox.exe
Token: SeDebugPrivilege	4404	firefox.exe
Token: SeDebugPrivilege	4404	firefox.exe
Token: SeAssignPrimaryTokenPrivilege	704	Loader 3.0.exe
Token: SeBackupPrivilege	704	Loader 3.0.exe
Token: SeDebugPrivilege	704	Loader 3.0.exe
Token: 36	704	Loader 3.0.exe
Token: SeImpersonatePrivilege	704	Loader 3.0.exe
Token: SeIncBasePriorityPrivilege	704	Loader 3.0.exe
Token: SeIncreaseQuotaPrivilege	704	Loader 3.0.exe
Token: 33	704	Loader 3.0.exe
Token: SeManageVolumePrivilege	704	Loader 3.0.exe
Token: SeProfSingleProcessPrivilege	704	Loader 3.0.exe
Token: SeRestorePrivilege	704	Loader 3.0.exe
Token: SeSecurityPrivilege	704	Loader 3.0.exe
Token: SeSystemProfilePrivilege	704	Loader 3.0.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4404	firefox.exe
4404	firefox.exe
4404	firefox.exe
4404	firefox.exe
3056	7zFM.exe
5020	7zG.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4404	firefox.exe
4404	firefox.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4404	firefox.exe
4404	firefox.exe
4404	firefox.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4404	firefox.exe
4404	firefox.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe
3892	taskmgr.exe

Suspicious use of SetWindowsHookEx 51 IoCs

pid	Process
4404	firefox.exe
4404	firefox.exe
4404	firefox.exe
4404	firefox.exe
1160	OpenWith.exe
1160	OpenWith.exe
1160	OpenWith.exe
1160	OpenWith.exe
1160	OpenWith.exe
1160	OpenWith.exe
1160	OpenWith.exe
1160	OpenWith.exe
1160	OpenWith.exe
4404	firefox.exe
4404	firefox.exe
4404	firefox.exe
4404	firefox.exe
4404	firefox.exe
6032	ONENOTE.EXE
6032	ONENOTE.EXE
6032	ONENOTE.EXE
6032	ONENOTE.EXE
6032	ONENOTE.EXE
6032	ONENOTE.EXE
6032	ONENOTE.EXE
6032	ONENOTE.EXE
6032	ONENOTE.EXE
6032	ONENOTE.EXE
6032	ONENOTE.EXE
6032	ONENOTE.EXE
6032	ONENOTE.EXE
6032	ONENOTE.EXE
6032	ONENOTE.EXE
2724	LB3Decryptor.exe
5588	OpenWith.exe
5588	OpenWith.exe
5588	OpenWith.exe
3892	LB3Decryptor.exe
1060	ONENOTE.EXE
1060	ONENOTE.EXE
1060	ONENOTE.EXE
1060	ONENOTE.EXE
1060	ONENOTE.EXE
1060	ONENOTE.EXE
1060	ONENOTE.EXE
1060	ONENOTE.EXE
1060	ONENOTE.EXE
1060	ONENOTE.EXE
1060	ONENOTE.EXE
1060	ONENOTE.EXE
1460	LB3Decryptor.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3708 wrote to memory of 4404	3708	firefox.exe	104
PID 3708 wrote to memory of 4404	3708	firefox.exe	104
PID 3708 wrote to memory of 4404	3708	firefox.exe	104
PID 3708 wrote to memory of 4404	3708	firefox.exe	104
PID 3708 wrote to memory of 4404	3708	firefox.exe	104
PID 3708 wrote to memory of 4404	3708	firefox.exe	104
PID 3708 wrote to memory of 4404	3708	firefox.exe	104
PID 3708 wrote to memory of 4404	3708	firefox.exe	104
PID 3708 wrote to memory of 4404	3708	firefox.exe	104
PID 3708 wrote to memory of 4404	3708	firefox.exe	104
PID 3708 wrote to memory of 4404	3708	firefox.exe	104
PID 4404 wrote to memory of 520	4404	firefox.exe	105
PID 4404 wrote to memory of 520	4404	firefox.exe	105
PID 4404 wrote to memory of 520	4404	firefox.exe	105
PID 4404 wrote to memory of 520	4404	firefox.exe	105
PID 4404 wrote to memory of 520	4404	firefox.exe	105
PID 4404 wrote to memory of 520	4404	firefox.exe	105
PID 4404 wrote to memory of 520	4404	firefox.exe	105
PID 4404 wrote to memory of 520	4404	firefox.exe	105
PID 4404 wrote to memory of 520	4404	firefox.exe	105
PID 4404 wrote to memory of 520	4404	firefox.exe	105
PID 4404 wrote to memory of 520	4404	firefox.exe	105
PID 4404 wrote to memory of 520	4404	firefox.exe	105
PID 4404 wrote to memory of 520	4404	firefox.exe	105
PID 4404 wrote to memory of 520	4404	firefox.exe	105
PID 4404 wrote to memory of 520	4404	firefox.exe	105
PID 4404 wrote to memory of 520	4404	firefox.exe	105
PID 4404 wrote to memory of 520	4404	firefox.exe	105
PID 4404 wrote to memory of 520	4404	firefox.exe	105
PID 4404 wrote to memory of 520	4404	firefox.exe	105
PID 4404 wrote to memory of 520	4404	firefox.exe	105
PID 4404 wrote to memory of 520	4404	firefox.exe	105
PID 4404 wrote to memory of 520	4404	firefox.exe	105
PID 4404 wrote to memory of 520	4404	firefox.exe	105
PID 4404 wrote to memory of 520	4404	firefox.exe	105
PID 4404 wrote to memory of 520	4404	firefox.exe	105
PID 4404 wrote to memory of 520	4404	firefox.exe	105
PID 4404 wrote to memory of 520	4404	firefox.exe	105
PID 4404 wrote to memory of 520	4404	firefox.exe	105
PID 4404 wrote to memory of 520	4404	firefox.exe	105
PID 4404 wrote to memory of 520	4404	firefox.exe	105
PID 4404 wrote to memory of 520	4404	firefox.exe	105
PID 4404 wrote to memory of 520	4404	firefox.exe	105
PID 4404 wrote to memory of 520	4404	firefox.exe	105
PID 4404 wrote to memory of 520	4404	firefox.exe	105
PID 4404 wrote to memory of 520	4404	firefox.exe	105
PID 4404 wrote to memory of 520	4404	firefox.exe	105
PID 4404 wrote to memory of 520	4404	firefox.exe	105
PID 4404 wrote to memory of 520	4404	firefox.exe	105
PID 4404 wrote to memory of 520	4404	firefox.exe	105
PID 4404 wrote to memory of 520	4404	firefox.exe	105
PID 4404 wrote to memory of 520	4404	firefox.exe	105
PID 4404 wrote to memory of 520	4404	firefox.exe	105
PID 4404 wrote to memory of 520	4404	firefox.exe	105
PID 4404 wrote to memory of 4860	4404	firefox.exe	106
PID 4404 wrote to memory of 4860	4404	firefox.exe	106
PID 4404 wrote to memory of 4860	4404	firefox.exe	106
PID 4404 wrote to memory of 4860	4404	firefox.exe	106
PID 4404 wrote to memory of 4860	4404	firefox.exe	106
PID 4404 wrote to memory of 4860	4404	firefox.exe	106
PID 4404 wrote to memory of 4860	4404	firefox.exe	106
PID 4404 wrote to memory of 4860	4404	firefox.exe	106
PID 4404 wrote to memory of 4860	4404	firefox.exe	106
PID 4404 wrote to memory of 4860	4404	firefox.exe	106

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\LockBit-main.zip
1⤵
PID:552

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2076

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3708
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4404.0.1401501419\493764206" -parentBuildID 20230214051806 -prefsHandle 1792 -prefMapHandle 1784 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3b2a7aa-f18d-4625-b06c-faf6d9bc7788} 4404 "\\.\pipe\gecko-crash-server-pipe.4404" 1884 1a72c40ab58 gpu
    3⤵
    PID:520
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4404.1.1125978109\684231482" -parentBuildID 20230214051806 -prefsHandle 2440 -prefMapHandle 2436 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {87a1bed1-c0ee-4e8e-88d9-bddf4d0563a4} 4404 "\\.\pipe\gecko-crash-server-pipe.4404" 2452 1a71f789658 socket
    3⤵
    PID:4860
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4404.2.652438884\2086245579" -childID 1 -isForBrowser -prefsHandle 2952 -prefMapHandle 2804 -prefsLen 22150 -prefMapSize 235121 -jsInitHandle 1272 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd9eb2e0-ab3f-4156-b34e-d24f2dff005a} 4404 "\\.\pipe\gecko-crash-server-pipe.4404" 2964 1a72efe7e58 tab
    3⤵
    PID:3148
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4404.3.717570756\606687201" -childID 2 -isForBrowser -prefsHandle 3668 -prefMapHandle 3664 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1272 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ebe766b-f407-420c-8f1b-5123f9e1b3e2} 4404 "\\.\pipe\gecko-crash-server-pipe.4404" 3676 1a71f73f158 tab
    3⤵
    PID:3864
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4404.4.2116036823\586723316" -childID 3 -isForBrowser -prefsHandle 5176 -prefMapHandle 5172 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1272 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b60a6d88-e172-4f13-9f13-32f89572fd24} 4404 "\\.\pipe\gecko-crash-server-pipe.4404" 5188 1a733006b58 tab
    3⤵
    PID:3916
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4404.5.2089756564\1461020713" -childID 4 -isForBrowser -prefsHandle 5364 -prefMapHandle 5312 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1272 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ea37c23-e55e-4804-b68f-aa70192d7232} 4404 "\\.\pipe\gecko-crash-server-pipe.4404" 5348 1a733834e58 tab
    3⤵
    PID:1116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4404.6.1815643479\1508509436" -childID 5 -isForBrowser -prefsHandle 5540 -prefMapHandle 5608 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1272 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f82fb931-fda1-4813-9b50-5816a692df94} 4404 "\\.\pipe\gecko-crash-server-pipe.4404" 5528 1a733833958 tab
    3⤵
    PID:5072
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4404.7.1141459409\329077273" -childID 6 -isForBrowser -prefsHandle 4996 -prefMapHandle 4992 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1272 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d31865a-a639-4627-aa61-313aae531926} 4404 "\\.\pipe\gecko-crash-server-pipe.4404" 3548 1a732e61d58 tab
    3⤵
    PID:1636
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4404.8.1312850386\2143032026" -childID 7 -isForBrowser -prefsHandle 5748 -prefMapHandle 5752 -prefsLen 27962 -prefMapSize 235121 -jsInitHandle 1272 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f46ed1d-56b2-4f30-a46f-dcd20645b42d} 4404 "\\.\pipe\gecko-crash-server-pipe.4404" 5740 1a731153558 tab
    3⤵
    PID:4160
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4404.9.1669480886\999257949" -childID 8 -isForBrowser -prefsHandle 5328 -prefMapHandle 5696 -prefsLen 30431 -prefMapSize 235121 -jsInitHandle 1272 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {26529ecf-d1b6-4478-8444-6221f67b2705} 4404 "\\.\pipe\gecko-crash-server-pipe.4404" 5228 1a733624c58 tab
    3⤵
    PID:4000
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4404.10.1429578274\1874074233" -childID 9 -isForBrowser -prefsHandle 5484 -prefMapHandle 5496 -prefsLen 30692 -prefMapSize 235121 -jsInitHandle 1272 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9146a037-e5d7-4e00-a9f9-1d2b69dc1cd9} 4404 "\\.\pipe\gecko-crash-server-pipe.4404" 5432 1a734d90058 tab
    3⤵
    PID:4448

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\1.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:3236

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1160
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\LockBit-main\config.json
  2⤵
  PID:4368

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\LockBit-main\Build.bat" "
1⤵
PID:4532
- C:\Users\Admin\Desktop\LockBit-main\keygen.exe
  keygen -path Build -pubkey pub.key -privkey priv.key
  2⤵
  PID:2236
- C:\Users\Admin\Desktop\LockBit-main\builder.exe
  builder -type dec -privkey Build\priv.key -config config.json -ofile Build\LB3Decryptor.exe
  2⤵
  PID:2496
- C:\Users\Admin\Desktop\LockBit-main\builder.exe
  builder -type enc -exe -pubkey Build\pub.key -config config.json -ofile Build\LB3.exe
  2⤵
  PID:1160
- C:\Users\Admin\Desktop\LockBit-main\builder.exe
  builder -type enc -exe -pass -pubkey Build\pub.key -config config.json -ofile Build\LB3_pass.exe
  2⤵
  PID:5108
- C:\Users\Admin\Desktop\LockBit-main\builder.exe
  builder -type enc -dll -pubkey Build\pub.key -config config.json -ofile Build\LB3_Rundll32.dll
  2⤵
  PID:2996
- C:\Users\Admin\Desktop\LockBit-main\builder.exe
  builder -type enc -dll -pass -pubkey Build\pub.key -config config.json -ofile Build\LB3_Rundll32_pass.dll
  2⤵
  PID:4408
- C:\Users\Admin\Desktop\LockBit-main\builder.exe
  builder -type enc -ref -pubkey Build\pub.key -config config.json -ofile Build\LB3_ReflectiveDll_DllMain.dll
  2⤵
  PID:2564

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\Loader 3.0.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3056

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" a -i#7zMap19045:78:7zEvent2289 -t7z -sae -- "C:\Users\Admin\Desktop\Loader 3.0.exe.7z"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb57c3ab58,0x7ffb57c3ab68,0x7ffb57c3ab78
  2⤵
  PID:3256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 --field-trial-handle=2000,i,13544104668507231936,7596566496447713347,131072 /prefetch:2
  2⤵
  PID:1356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1976 --field-trial-handle=2000,i,13544104668507231936,7596566496447713347,131072 /prefetch:8
  2⤵
  PID:1360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2280 --field-trial-handle=2000,i,13544104668507231936,7596566496447713347,131072 /prefetch:8
  2⤵
  PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=2000,i,13544104668507231936,7596566496447713347,131072 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3060 --field-trial-handle=2000,i,13544104668507231936,7596566496447713347,131072 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4360 --field-trial-handle=2000,i,13544104668507231936,7596566496447713347,131072 /prefetch:1
  2⤵
  PID:1000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4356 --field-trial-handle=2000,i,13544104668507231936,7596566496447713347,131072 /prefetch:8
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4492 --field-trial-handle=2000,i,13544104668507231936,7596566496447713347,131072 /prefetch:8
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4612 --field-trial-handle=2000,i,13544104668507231936,7596566496447713347,131072 /prefetch:8
  2⤵
  PID:1384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4832 --field-trial-handle=2000,i,13544104668507231936,7596566496447713347,131072 /prefetch:8
  2⤵
  PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4884 --field-trial-handle=2000,i,13544104668507231936,7596566496447713347,131072 /prefetch:8
  2⤵
  PID:2588

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2328

C:\Users\Admin\Desktop\Loader 3.0.exe
"C:\Users\Admin\Desktop\Loader 3.0.exe"
1⤵
- Executes dropped EXE
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
- Modifies Control Panel
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: RenamesItself
- Suspicious use of AdjustPrivilegeToken
PID:704
- C:\Windows\splwow64.exe
  C:\Windows\splwow64.exe 12288
  2⤵
  - Drops file in System32 directory
  PID:5832
- C:\ProgramData\7196.tmp
  "C:\ProgramData\7196.tmp"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:6080
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\7196.tmp >> NUL
    3⤵
    PID:1004

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:5836

C:\Windows\system32\printfilterpipelinesvc.exe
C:\Windows\system32\printfilterpipelinesvc.exe -Embedding
1⤵
- Drops file in System32 directory
PID:5992
- C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
  /insertdoc "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\{02AD02EB-4FFD-449F-86AB-AC867FE76A0A}.xps" 133578254863080000
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
  PID:6032

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Jw5Jgl9mC.README.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:1984

C:\Users\Admin\Desktop\Cheat\LB3Decryptor.exe
"C:\Users\Admin\Desktop\Cheat\LB3Decryptor.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2724

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5588

C:\Users\Admin\Desktop\Cheat\LB3Decryptor.exe
"C:\Users\Admin\Desktop\Cheat\LB3Decryptor.exe"
1⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
- Modifies Control Panel
- Modifies registry class
- Suspicious behavior: RenamesItself
- Suspicious use of SetWindowsHookEx
PID:3892

C:\Users\Admin\Desktop\Loader\Loader 3.0.exe
"C:\Users\Admin\Desktop\Loader\Loader 3.0.exe"
1⤵
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
- Modifies registry class
- Suspicious behavior: RenamesItself
PID:3084
- C:\Windows\splwow64.exe
  C:\Windows\splwow64.exe 12288
  2⤵
  - Drops file in System32 directory
  PID:2560
- C:\ProgramData\2301.tmp
  "C:\ProgramData\2301.tmp"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:5244
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\2301.tmp >> NUL
    3⤵
    PID:488

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Jw5Jgl9mC.README.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:2908

C:\Windows\system32\printfilterpipelinesvc.exe
C:\Windows\system32\printfilterpipelinesvc.exe -Embedding
1⤵
- Drops file in System32 directory
PID:4276
- C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
  /insertdoc "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\{C28D3745-5E37-491F-B9C5-62A780483402}.xps" 133578257936570000
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
  PID:1060

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Jw5Jgl9mC.README.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:5436

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3892

C:\Users\Admin\Desktop\Cheat\LB3Decryptor.exe
"C:\Users\Admin\Desktop\Cheat\LB3Decryptor.exe"
1⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
- Modifies Control Panel
- Modifies registry class
- Suspicious behavior: RenamesItself
- Suspicious use of SetWindowsHookEx
PID:1460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2177723727-746291240-1644359950-1000\CCCCCCCCCCCCCCCCCC

Filesize
265B

MD5
08ccc583328e2624e7eefc639c9617af

SHA1
ff97c2858a1ff0cdf96af5afcd94b51374a7b77f

SHA256
4c1321f7d26c42e3a39a8d3a0ab71c8a639d23682352a2c611de578c1e428663

SHA512
355c7063200a68817fa84e2769c7cc08f33c86da0e42f51313ac0cdb345bb2069116e2ec5ecd3b6572213c07c0af3e5191b08001151b490a4e1004456564aa08

Download Submit
C:\$Recycle.Bin\S-1-5-21-2177723727-746291240-1644359950-1000\DDDDDDDDDDD

Filesize
129B

MD5
7924bf93c1835e06186bbd19693c3e66

SHA1
3df67127a0393413d967bb2140abe5e13a2061a8

SHA256
6a3f4fa12af9052be398691b32142951c4a34f032ca47624522b41d6c59b853d

SHA512
d356cae07e2d8fcee6aa6c42699679d4deae279a23a2acb434938efd33ad246660288628be1699759eb4f51d371a37c84919394fce18775948de009591b3f465

Download Submit
C:\$Recycle.Bin\S-1-5-21-2177723727-746291240-1644359950-1000\DDDDDDDDDDDD

Filesize
112B

MD5
46e80bc13a56e5943f356f99b982340c

SHA1
bca6648fc7f88df8c4bede937d3bef5e16020ab0

SHA256
b7099b8ee3fb8e48b4a1a304bd687c07ee5b886e0bc1a22df5b7bd184b954ed2

SHA512
1f6cd8ccec3ced33d67036778f52657bbddd5b6ea3bee22237538e3129e7174fd291c6d1e6338285d13ff48f42b908850144e71f0aea928d1b0bf21a1759d376

Download Submit
C:\$Recycle.Bin\S-1-5-21-2177723727-746291240-1644359950-1000\DDDDDDDDDDDD

Filesize
146B

MD5
fb60ac0a94f7cb8294ce7fe822eb80db

SHA1
d670e50784edd5758e4b4e22c23512262bcd03cd

SHA256
26603d8f484cd744eb67443713270e963a46995c8f4438113c6d49ea97986534

SHA512
02a78c3f7f02c4f043c67adcf31d7bda1b099b0948c71c4c9cf647f1854fd9f254a7a6388ce8ccd097af1a2f03809465b42d79d55668dbe8d38f5f36dfdffc4c

Download Submit
C:\$Recycle.Bin\S-1-5-21-2177723727-746291240-1644359950-1000\DDDDDDDDDDDD

Filesize
120B

MD5
12ce54727326346c73eea631d7248221

SHA1
b2469b83ea5a5260477e1b326f258153f965872e

SHA256
6f32695c3239be0ae5d29a0a4b2530594567acf6907056ae65ff4d0ac1a0ee60

SHA512
9acdcb037ca9d13d4d7cc7874d3f575e2b8e11c0e40eabfbb066bbd5ed3c0e0b84f469d3625c7885f46867b559b9b3863d11c055674fdfac2021a24f30265eb0

Download Submit
C:\$Recycle.Bin\S-1-5-21-2177723727-746291240-1644359950-1000\DDDDDDDDDDDD

Filesize
130B

MD5
dbb2f5803342ab54b44b6e512344181e

SHA1
aac7239748d0612b84dc064c06e5cf8dec736d57

SHA256
19b4f880f1da8896cd9ff217521358bcdfeb4965907f69d946d988be9004155f

SHA512
4c574db5575e051df182022e37ffe65a85110b7876b9f6c97b5c6db41d51f2ae9f9d5b1fe8b684708d1d1bcc7f5309d74cff00c3168ac3634d9c33d038c742b1

Download Submit
C:\$Recycle.Bin\S-1-5-21-2177723727-746291240-1644359950-1000\DDDDDDDDDDDD

Filesize
128B

MD5
9d454dd19d3c614274ad39c7d7244731

SHA1
69c5b3fb90dffde5d3338c9de6eba8c1551165fb

SHA256
0ac62f58a06d0e99c7b65e14fd4f45cf54a5ccbb0f6071687b3b589368163c58

SHA512
2477c41e91fa56b9dc822f92ff675166a26ffcea40ffa9171e56f44148d95946a978319d55ed7e27cc093eb2665c7a29c78dacf18f2ddda3fcd9f23fc3328993

Download Submit
C:\$Recycle.Bin\S-1-5-21-2177723727-746291240-1644359950-1000\DDDDDDDDDDDD

Filesize
147KB

MD5
3ff874a4fe1f3042866c997e018de598

SHA1
f1ff9a33cb0a13d73435e22196a8336997a13b9f

SHA256
b4c0c8b6119a4636ddc6c0f4fa1107618a42dcd5f8e358bc2c96fdfae6bae1b0

SHA512
ba94873dc3f1285f75050ce67ec50ec5d499647e189219f0b62a8bcc546e20c732f5561dceb1784697ced64d723804855b983f08d793c185e6597a8f30f65c8b

Download Submit
C:\$Recycle.Bin\S-1-5-21-2177723727-746291240-1644359950-1000\DDDDDDDDDDDD

Filesize
143KB

MD5
4cd3fcbdabc8f81baf3a1853afa4b913

SHA1
a12b94be96f05c09c6d996749b65a61b95bb1aa4

SHA256
6c9ad7e3d86d562759fa554e7ea049c848826c43748f8880252b9382b60a65fc

SHA512
9ed219cdde12cf914cf64dcb418b726c9bda61817128dbee54d2fd7d3167ebcb81389c3cb052526b29687f34e2391cc1ab4a8f2d6c8d75a538d5e891c8cecd01

Download Submit
C:\$Recycle.Bin\S-1-5-21-2177723727-746291240-1644359950-1000\DDDDDDDDDDDD

Filesize
145KB

MD5
f291bba283b9b54ab79a8aa657e949e6

SHA1
39444211ef73428ffbcbf7039f63495a6f5ba5bb

SHA256
1d787a2962d662c6b84d798a1b74575c82c3259b00e311887e0a22a2dee912f1

SHA512
c40c6079c80aa418682674cd2c55b69cf836af5e97c6c309f6c914acd69f85cbb1fe7e996f4b1dfe5c5e777d16c2c8d9f51ef316d1c43ffab6a22ead1d404e2e

Download Submit
C:\$Recycle.Bin\S-1-5-21-2177723727-746291240-1644359950-1000\DDDDDDDDDDDD

Filesize
141KB

MD5
6c039c2af1991f2de2b065eaacd4adac

SHA1
a19c12b83f830ea85721eb5bae36d584db0c70cb

SHA256
345f8178520f5c9f4b9052a7fe6e56ce076fc5ee02066b7adfae1b2be3f75563

SHA512
30e128cf08b3b6bb7913b62c8223ad93fdcd3d380f8e993ed67047a071492e0615604521e206e57119a4bd24e1ba7fab2c5a0bffa7359f3a3620ff5c156cf524

Download Submit
C:\$Recycle.Bin\S-1-5-21-2177723727-746291240-1644359950-1000\DDDDDDDDDDDD

Filesize
100KB

MD5
f13f491202b642d010df73d0a917440c

SHA1
a8fc20a63be5e36786ce1cbbcceb314a82309abe

SHA256
8b1ff0fc250e86ea82973c16c1ed5162a8cca278ae721ecfa16ac274ac6b6590

SHA512
ff41e985aa19e66e168004a5bc4de408fe7ba5a6dc02324b97de293bbbf9e12e8066242f4ba89ee05390333025d92e20d874b5afed1c343073dac9bd5e685ecd

Download Submit
C:\$Recycle.Bin\S-1-5-21-2177723727-746291240-1644359950-1000\DDDDDDDDDDDD

Filesize
1KB

MD5
0fe5cbed7c838a742c96a5caf71bc1c8

SHA1
3b375b9b3d507f0c4c5efb31ce5f5ef34fc023dd

SHA256
25eb655c7c6f682f60a794f6854f0a6d8792c027aec29b7b964579d31de0f713

SHA512
33d1fb7813f3e981708f453e3a6db45b1b0ca8fd8242c7ef8613bcf72777b41628f317cd1d5149e294cb27c5ce2e81e967a452847a8cbd3c6b3fb205def8b891

Download Submit
C:\$Recycle.Bin\S-1-5-21-2177723727-746291240-1644359950-1000\DDDDDDDDDDDD

Filesize
102B

MD5
446ceeabacf15e266e8641301ae9cefb

SHA1
28004fb0e081625209ab4c4654b5d33419acd911

SHA256
6f78a0ac6e39510564b311df4fd34a35c741a74c69bf4af79240b2dd1ad75bca

SHA512
7fe154c0aaf0b5906fc5b08c2343901941398498b42a727d817ff006ab41c2c63f3b50214a5a3d88fe29040be7d85c0d1e68e7101a8885325051dc12f80fa690

Download Submit
C:\$Recycle.Bin\S-1-5-21-2177723727-746291240-1644359950-1000\DDDDDDDDDDDDDDDDDD

Filesize
140B

MD5
42dc893246424c28236725c721a3eb88

SHA1
790c409e44f7ffc46600f54046061b96fd890736

SHA256
d6bf56f54eaea984494db76fc55210352543b23763894b210e073e1993131210

SHA512
ca5765b91016d85801237295c94e171c821fcacbd681390023afe8dd1672ef6f25e4c81f953a9a4861fc26fa758926e060264576578435d981212ccbf3264a2a

Download Submit
C:\$Recycle.Bin\S-1-5-21-2177723727-746291240-1644359950-1000\DDDDDDDDDDDDDDDDDD

Filesize
140B

MD5
7c85eaac038da95b2e2ce33500130718

SHA1
90733b910a3fbf1ec285efd777ea29fa76a6e5e3

SHA256
fe7af5a37aef926a3e5ee73a4be078187314502ef2789615d43e6603e29d1c31

SHA512
2637951ba9d414ce9739bb2b74b0c55951e0593614c65997e997e3c2cdc054fbb13c01b59fd05387e09cf17357503f98b14cb9dbffe1bdd5bf69d2e9846eaa60

Download Submit
C:\$Recycle.Bin\S-1-5-21-2177723727-746291240-1644359950-1000\DDDDDDDDDDDDDDDDDD

Filesize
142B

MD5
e611457442716f68df786aa393677043

SHA1
c177984179a9867ad56ab4ff6e86f130dcb710cd

SHA256
7f4bcd20fa0116c161f3e3560997c54eeeca81733fbec3d62d54fe5d29bd846f

SHA512
effdd03e991d085c70abed9f135e04491a4fd045844869c1ca3d34fe826147919957dfe585c81b8e871dcf82a1dd7c6484fc9c062d2cbe35831c6e0bb0c51a0a

Download Submit
C:\$Recycle.Bin\S-1-5-21-2177723727-746291240-1644359950-1000\DDDDDDDDDDDDDDDDDD

Filesize
2KB

MD5
e325bb2520697c2badbe4cb0909f15d9

SHA1
e63590296aa1748216a689b2e39575c88a62863d

SHA256
d8a62ed863cc40133bf7908a4d68db80e3be1bf73bbf6d12475b8662b30aacf9

SHA512
1905be19b6cc03873a87d9ed2e94e13923b9daf6d207c00c719d99739d55fa6c254aa8baf12f60e3ed3ee7a0e4618d99d011d95179b20b59b88a9f93a4dcb210

Download Submit
C:\$Recycle.Bin\S-1-5-21-2177723727-746291240-1644359950-1000\DDDDDDDDDDDDDDDDDD

Filesize
2KB

MD5
82ca66d4e0c18e9c60a38eb48533f820

SHA1
bb89798651a3f1af5d3ec6bb65defa624b3347ba

SHA256
1638e3af3d14a8a731a08bde09d691a7d258f66f7e9058d3a335758e0b7ce62e

SHA512
7b7bf91571c7032d2744b45eb0b5cda69062f7985f85d8e0fc54de58a00eec3a08bce37e6380cbc61a255fddfdb23519340efa8583f8de4b195f599a051c9503

Download Submit
C:\$Recycle.Bin\S-1-5-21-2177723727-746291240-1644359950-1000\XXXXXXXXXXX

Filesize
129B

MD5
79bdd35d213b9a75136a7930c5baeba6

SHA1
230ec6a803d5a105c9e273be6065266cad2a6c53

SHA256
bd837aee309d5136cf4251cab2f217786c686f21e05e046d6feccd868cd53c63

SHA512
dfa7bf132478544eacfc96aade1770d387b2ddb94f2529b874001b7c2b6f3e73d0f9ab1b35d044ccaad4f88cd5e360d75e4709893637df76520d467c95c0c3da

Download Submit
C:\Jw5Jgl9mC.README.txt

Filesize
1KB

MD5
8b28296a2c168d86adbafc888d0f95f0

SHA1
49d6b109bf24f39c2c0f62c0796b8693c0bd99e5

SHA256
7b3daacf846fe79840647e67d9c5226a7fda47d5b32c24d874654e8ff78ffcc9

SHA512
b0f0e0a6f2962250c3b9f87637854756e7a0fcde561aae14654d0dcd1e1013876442c0354e41c5bc8e3ef57f170ac2073874ff22fdc5656f62f930350f9df6ac

Download Submit
C:\Users\Admin\AppData\Local\Comms\UnistoreDB\USSres00002.jrs

Filesize
3.0MB

MD5
d1dd210d6b1312cb342b56d02bd5e651

SHA1
1e5f8def40bb0cb0f7156b9c2bab9efb49cfb699

SHA256
bbd05cf6097ac9b1f89ea29d2542c1b7b67ee46848393895f5a9e43fa1f621e5

SHA512
37a33d86aa47380aa21b17b41dfc8d04f464de7e71820900397436d0916e91b353f184cefe0ad16ae7902f0128aae786d78f14b58beee0c46d583cf1bfd557b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
5b232f2ec5e33f7709f554291a0582c7

SHA1
8e09d16cdefd7434b6626535778c4d6aaa94502a

SHA256
539b48bb8997ee07f386d39e50b64b6a7f14ae24e0fd7c49a5d72e387860d5b5

SHA512
570f3bde7f527c8af2cefc04c0bb7d9024c2836b328a25dd50546cffc192d8256a276c6e8e07c0ca5afe06af86b819569f25ac6213e006588fc7edcc95e24d81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b15c25219c1901e4e3ab2e9bd273eddc

SHA1
e8280b07520f2da8f0d171344cd57c7e1bf03341

SHA256
0db25b31f4286a0f2f60e74ebfd1f705f78ff28fc6a894414c23b97b8fc18197

SHA512
f1df3ee254693d3ed1108be9f6b28853a49c1c6319de39d5c7ec7e87f651b2ed2369ee97e89f7139607112619a1aaa792ac8d96fc777ca5c51fc5771bd3ebc99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
6856187306ca870dc29ea078606f9e03

SHA1
e582ea8daee4ecfba90d62cd1177aa62b18b96fc

SHA256
03b605d4649ba2d68f50d13f02aabaf067f4b13eba7b9803333d832d58364ee2

SHA512
5b2307ef251f5f51e12f9d8beb92084ce69fa950417c68e608e6204336aa18ab64a961af625b56db8f18c20607b47e6efbefb8d6f2e3208134841b1b990484af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
703ab1641cd9d47b369b09c2ef6b6103

SHA1
ff4fb298e20fc51882f88fff558dfeb2aa45c161

SHA256
0b00ade853f536219c925090f57b71e962f63d4107a56a9968dbda5511c8bb99

SHA512
4cff54d0b2af49406560580f9700876c9b2df65aa731576c64be643d035c182a77bd43bae9576a029837d31c4e926f7586a03dd71a079c61edad01c727e9a134

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
407ccb9c99fd191bfe16d6cb00c532ee

SHA1
983e19bdb8acc10c9bc607e9c51061e4c7e0cbb1

SHA256
7c18976c8018482cdb913a811edc3c22ad3a21e6d878d55231c2297b9dfc2248

SHA512
7ebb73f1f78902f8c9279ab97ba84a8579ec617f04b59c37147e2df22cb1d803cf0d5840781a83e35b678b9ad77b59fdf99e67395eabd6343816ef0e94134038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
251KB

MD5
f2c78481fd7713ea23b9a0053b1a80ca

SHA1
08c223be785d8f048f1a684dcd513782ae2f155b

SHA256
84018601bfc8559b7aeb9734d1ff9ffe9fecf7c992d504a290a1d169c9517752

SHA512
3fb5b63e7f3dd35ee979e2dfe50814a02e57e37021a58848126bd4f8d8881945e0f0542b41744d77c363e2c0f3951741469e1b295b97929ecc58674e0f398ed4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
251KB

MD5
f62f5e20b547d923b4d0c8de3b807b0b

SHA1
d936cea586b4d1fa94ed7220821d0647e97184bc

SHA256
5445bb30d9e8c026dd4c6e6cf72688e40ec6b7e530938e8da8e68b99744570c4

SHA512
17b463f1f034578c01cc94b9afbafb2341ecc3787a595d207f9873cdbd8e4438ee932c4f74f66ed599115bc6be68461904e6375832ea2792d44a0f21b03fb46f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4p84urxf.default-release\activity-stream.discovery_stream.json.tmp

Filesize
28KB

MD5
ed307321bda65d8a205ddb6dd3435a34

SHA1
afd6b6b6236419a4a2f756f0fa6408a0cf967c01

SHA256
4d497cf73a0e21d0953d766293a3b468e0d1fbf5b1da4f695cd8c88e454b2b2a

SHA512
318b1ebf7d0e903da86b58c1b58a8f28415c50487431614567dc175e4a99a6fa066ee4acf9ccc27b6080094258f77167ce309b2e60e69127c5daf7641eb45ff7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4p84urxf.default-release\activity-stream.discovery_stream.json.tmp

Filesize
26KB

MD5
dc2e59ded8954c14a44f3941048d1b02

SHA1
81158da8dc30a6883993503c19abfc5d9c39d5f6

SHA256
2df306f4129c469387ef945d25056ecb892ae570f191f47ec7d50ed6ac4a3bd4

SHA512
712d2a4ae955195d9821e134588e38c2f8ed0414807bdba099f2e95cc8101a4bf64add7bbedd6f0b2f6fba03cb404e790f0f758fbdeebd43ea52d311a9f61af3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4p84urxf.default-release\cache2\doomed\24565

Filesize
10KB

MD5
e9cd654a264198e63ccb582ab0146830

SHA1
071c4959200723639e8053f3c051ec23500c9134

SHA256
383721037e3743e94caae792ae46ebc4474ad9fade116261fccd34fcdbb8175c

SHA512
12cc1b41d661e3340b95258353d33959b4bd645653c8f05277c2a6a740f559b4254ce8c63b1e670d876f709f20b35f07671fa08005b11d4e349b935ee3e20590

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4p84urxf.default-release\cache2\entries\046F58810902AFE5C8DAB3BCF3F338CA6CAA29E6

Filesize
47KB

MD5
883f297fdc431364c9da937aa8599ffa

SHA1
4c9bc63146da4151940ad28e75d4f1f0995b5694

SHA256
3eca255cd267f4d0a6b11a2da28262580e77f079925df2639f65ed6db53da311

SHA512
c314f40f1408b2d034c4105cbce09968b3962b36491110171a5d309516af5c27936f90abce424791e64569a7db893332155d90d79def6463effdbc3e0a83456e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4p84urxf.default-release\cache2\entries\06283131E8D5A93DBD1E7B95A0455D65D3076938

Filesize
26KB

MD5
76223fb78ac392c8c95baa63e36e04ca

SHA1
e5d665f9f1323c5569acc477b11bea6b8b21bbf6

SHA256
e53dfb1dde805acd8c45d931471be5955d714d2d29b2f04858de12dcc443e47b

SHA512
9b57fa578686292d1bdb727e9951554ee8a4855391929715d80d739944e96a40aa567f77caeeb51a77145b87a9d0eac6b0f74197b610cc537a7e432861e0e373

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4p84urxf.default-release\cache2\entries\0857593FA63F2F3DF9DD42474BF1C2211531A542

Filesize
39KB

MD5
77dec4c48f2a69d46a99d60984263316

SHA1
c6907b9cbeeae74f3f4f5a55bb16fe35f74ad393

SHA256
e67badc0ecaefa9cfc655878ff2c08cf1b0329f3fee3d0a2b8c2864497159d23

SHA512
26e61fe4d068516862839aa8af390df18f0fb9d03809088946b769bc4fc18ac648101cf7a46e947a147969a3b1f942781f41428a8c8cb6ca21ce10988292f146

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4p84urxf.default-release\cache2\entries\1052EE71F905337462215141CC5283E9053F81FF

Filesize
36KB

MD5
a66fb99392c5513e0b4363f4f9398d73

SHA1
e821e6b8174f0461e9d0c5f23da38bdc8aa28bae

SHA256
3179eced96c84b2792cf6871fe33d118462e2456ba4c186d94fad10da5d66457

SHA512
e660d50503fe146a040b23522dd3b262966fc2258f949ba2a256765ba8c88bac46000d4e5ce288791f82b51e8954d9faf2ae3e4508102e77aeaa98843cf38231

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4p84urxf.default-release\cache2\entries\180C4B648A642C379C51987044B2513F9AF5A7B1

Filesize
80KB

MD5
8062ed8296bd90e0b27e23f6ee60ba1e

SHA1
dff2ecee9c1682a5d03b749afdb5adbc4b6977eb

SHA256
ed95f0655b00c4650122a11a8f2318194e45aaa4b67895dd88c6d3d7e3fe3194

SHA512
f733e125c2f01f2679777d06d39d57c86fd8b20ee72cbda2db3b2f80fafa9e4f45eb23c515abe98767d951b98a34f9b2f682c360114dd26d163ba9e4fe7cc4b6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4p84urxf.default-release\cache2\entries\22BFEA74729647D041BF965A74232AEF5E717FF9

Filesize
14KB

MD5
a62a3c866b9c2195a7e39462b37b185f

SHA1
dae7ba3953a715b26e28bfa4afbb67043946ec7f

SHA256
e867b8845c434b255f77e70f4cd458f137a0cd75025e74b502533e4f73f8b8f1

SHA512
1c8c86c4298206725fb357086137b76bc16fa54c2750a32b8b7b266a798edd360a5fec2224f968af045f86b6004ab0579bb3f8566435dacc67c6d1b65d9fe35d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4p84urxf.default-release\cache2\entries\44A289D0B6422B62C38C984502B55F129E5A95B1

Filesize
51KB

MD5
2cf676e83c56419ba92436645b27964d

SHA1
bc16f51f81c9362058de026e99009b8c1bd7ad1e

SHA256
8454f913b599d003c2c5e7c4a7c159b3f05738588e7187e1502aab0cca5bf838

SHA512
1f2c2b58ed4bb0cbe37670740f5244221da68edb2be5c1fc10902f265208a12cfa661ac4c7f6455b0948bf42452541ff970fe0837176063dcb698b7cd6ecbfe2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4p84urxf.default-release\cache2\entries\4EF872EE09B1DF73CD97CAB15326F7F75C4468AA

Filesize
39KB

MD5
2495aabc25b997bd76c94412ccfb31a8

SHA1
97fd2dfc50fc3aeaecacca214425176022783eef

SHA256
6bb522905792224f967767f9a0fb7935c49b55975c890da3fc617f076c7fdcff

SHA512
f560606f6eb57ba51a48f98738593fa0e4150fad62a024483781d89f5ea9a23cbffee1c1dd392246b8b64bb850849cc44425d0eef32eea2e5a7c9db1c4854101

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4p84urxf.default-release\cache2\entries\7456E076919B15694C935645236B74AD4AE28128

Filesize
65KB

MD5
35b4a4cba299228d4fee1b843b29c0df

SHA1
b254f6bd03918b2e5ef2f4e116bdc4a9b7708726

SHA256
acbc8def5c32c4c49c20c98f1a57814c1805eb7c972fec9a10976bc0bd68cd56

SHA512
9b7182c15dccbec0b6ce9f69796cd30a55511071060eff7a268194de531c1c6e5fd2610f1cc8ce849c9e77ce461cff660da6d8c98cc68b9fbc7628e6f8119e10

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4p84urxf.default-release\cache2\entries\832E685F138D238995625E9EACA9527E5B5EA26D

Filesize
12KB

MD5
3796cf643444c6d6087e19fb382d9915

SHA1
2b9bec0ecaebaf5d1f4210391dbf7203d9e7c505

SHA256
9126fb707e52e026280d406370b3fb606f532d4c1d76504e24be042ba51119e1

SHA512
147a17a3be8d4f87d849145db579dceaef0b01f0fc13418e3ca1488aaaad735dd5774ec26e8ec07ebbb293b9cc80af816d028d876aa1952592289b02762ea8b4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4p84urxf.default-release\cache2\entries\853354FDD8F5A266FC96552229A0E2E4624D8435

Filesize
27KB

MD5
91041211d5f61fc211b4788ffe6c422b

SHA1
a812e89ba48f6b81a3c20b525d8665de4216469c

SHA256
242340386a5f71ee67b83c2ae1d986440e831a3b6e9345f8f43521f1229f6120

SHA512
92a38093cb6faa9deb438f460a56f1b163e0fd4a2a0fb7f4fda7d64dd11a29999e12043bdaa6dad2aebea6a1fe27b7c9e823c49abd7293509a7a148b4c6b8c89

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4p84urxf.default-release\cache2\entries\9229E5A0FD850E8FAE75B7BDF609189FD0060806

Filesize
13KB

MD5
86794c05177514cb59ad30077861bdb2

SHA1
c2e10a2265b83d8274dbac9623732531034a6eb1

SHA256
f8302b81a39801811d756214d755db428d6341e6f5004029765b90e2f46ea943

SHA512
fd91d8da4fd0a868db09f98407a1ef777f3dd46ec5d0b1d8b0bbcfef5c380114b29921c90afddcfabef809ff1e0d8a2afe7f0eabaf567f7a61eb6048f4df3781

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4p84urxf.default-release\cache2\entries\9A9D40B000E6FA727B438E97C580F4BC35412E67

Filesize
39KB

MD5
e0800d75dc89ce2a5be7814ab92a72a5

SHA1
fb5321b07557afe54f082aa15a8c81b56d84d6e5

SHA256
c03cd9b1d1b526803785cb895812f38444127d4d9064c3d1e7df3f326180548a

SHA512
2e27f1fd31aae80d36d311d2ebf818aa20443ba8681235532a441ac0a7d94e870ca56163e858d37661179380a0e9c07aeba1a724870ef15e82a4dc46c2125253

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4p84urxf.default-release\cache2\entries\9B9CC49FD67BBEA92D3B4E094DB088D06FBB4A7D

Filesize
16KB

MD5
39e835542ff2b0ff93da48ac89f7aeac

SHA1
4e80a5d48219269c2a09242d83ac858358a52b65

SHA256
febf81ae2c8b4045f05d50db1f58c50c33ebfad06510c5fe588fdeb540157983

SHA512
0efa4d96da0e37bba1e005bf6455860234d7d876957b0d088225eda157ee94ea99e83b1c2bed4757f9c8474e5d64c9511b644a08c6c56adb2b52a7a78fc2ccc8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4p84urxf.default-release\cache2\entries\9F756F08B275E382448912502A25A3464477152E

Filesize
75KB

MD5
545c0df2fd0aa7d7746561cf197ba791

SHA1
c7c3e526eb455ab6a68172f1af20d35884537389

SHA256
b87dd1d34c7251eea9466dcd397b0293608203dc9098f8083b3b793a0b881660

SHA512
26e46c2f60761d78351b74b452f6e62cf2b0e607a41069b8fecc82a2def81364abfcff7ac689c225c21fbc3d977f688ab9ef19b83fff9bc4e8982b7e23cc8866

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4p84urxf.default-release\cache2\entries\A009AE9C8C0D6E0D0499070EAFA5DF3CE804B7F0

Filesize
13KB

MD5
593ed2dab2cffabb67ce13cdfa226c6f

SHA1
bd0d3676f55bfb25502d2e9e7ac3bdf6aa3b84f1

SHA256
c6b000b23e8df324a3378ed167b421d8b898752edc70d3f25e30a5849a9207aa

SHA512
4472832b5ed74caa9a4120ec5b12a45d9a79fbc4b64efee44ba2e61078d7a6e2db698b9b75641d249a019fa89d8aaf12452157030da73703d041b36bf23e737d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4p84urxf.default-release\cache2\entries\A0CB06E39BA14392E6073A0F9CCA7337E7F49019

Filesize
30KB

MD5
5977f0c9987afd57fb019bb3fa3800e5

SHA1
516317df2c3f7c62a018b3774f8febef1fd21183

SHA256
e7c995ac26a92783ee780dc28ab3e1971a0f644a5f8da5566cfcf11a56f941fc

SHA512
245c633505594dd4f3c6a971577efc21b3f3128fb650a7068db313e42d019ef6cc04d3f33df867264e0352180da37634f0d4cbcfef7b7911c1d06a27cab5f07d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4p84urxf.default-release\cache2\entries\AB21663CF7E0B026C9C2A02C64C5E99E216275BC

Filesize
41KB

MD5
389dd79e6a0298804ee53e6ccde0ed4f

SHA1
70c5d642b25e9af96aee1c1558a5b369e4410c9b

SHA256
27587dfd91c6c4fcb097071c1d037bdbf966751ac459fd4679b78dd21c2f0bd9

SHA512
b77c2a61ac7962fda0a8d0786c943a698825217e851a9ce7c8209bcf8b1a010aabd9676b06ee9e2e29f91d762fec9fe59696ffdd782c94e5e2a68fca0be106ec

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4p84urxf.default-release\cache2\entries\B42083CA8B38DE13F667B854DA4D0356421E5DA2

Filesize
14KB

MD5
3229ffe873ebc194d7f4aaef5b084259

SHA1
a76fa2016d3e2b6dc894525b555e6550a6b674a3

SHA256
b9ea11dde63bf9a1ef2ae3d0b92d69e40315f959c1350d125ffbca7840159c88

SHA512
4fe3a1825bc757caea8d88e2ebc8e517712d30b03ee301f5d20441ef7c7a84909ab3196f85c7d7ce8c64e10cf65e5ae526782faea5dcac2a56b5617e730f6e8e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4p84urxf.default-release\cache2\entries\C72D4296C2EBC6FD41A9F780CD0C8F30F0FF937C

Filesize
13KB

MD5
d6c593b701c90f918abc79fe04ab08ba

SHA1
92f0c37fa3151d71eb10c6481cfe1e1da577ee5d

SHA256
51ebe4fbeaf785ef58d9cc02017e399b7d7578e8d1acbc73c634cfa76f206070

SHA512
6dea2d9a085bd20171a57006b2a59b418c6e34019435ac817f1da2431fad12a912d01d9fee2884d9aed8312add1d962678dd0818685e2b0ed09135b4d5512763

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4p84urxf.default-release\cache2\entries\EBFF4C029FDE64B2DA3E0F2CEDC732CBBB3D62B0

Filesize
15KB

MD5
0550a7217e9622cfc21d93fcddc373e8

SHA1
17c646ecbcfc12ea34626f6ddda8ecd4403968ea

SHA256
c2596fb51f455e0f949f50348e3722cd1e88ce0da76918961fb4cf4929ff1ebe

SHA512
8ee6e77e0e18ebb5274795324c93280d6581e8e1d82d3cf331d2134e9a18bd2baf2f57df996387841ad0c5cd4a1ad4fa77ced82010c6523e698329bdf7594cfc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4p84urxf.default-release\cache2\entries\F41D5304E2524BFFF79CC1A3D40541C1CC402D82

Filesize
39KB

MD5
6b623699f75d8fd7279bc90b75bfc18d

SHA1
9c2e7239f3404aba9523a426fe373643f595336a

SHA256
26da7d48107328b87b00ce72bfa0dfc84d2b1a6abd69c6c306e2816df12c3e76

SHA512
164b0580463437b582b265d335c13269f2df724f6663bfdf50427ca0d49546a95e33123494d7bc5573c2a2895d85b2247e82154c23e2f882a7c6710b897049a1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4p84urxf.default-release\cache2\entries\FD2A3B920FF6A74ABC7788465819EB0855D52A17

Filesize
38KB

MD5
4cb19f34bb6a86a80a37a3675c4c4bc4

SHA1
639be7890482e62b4b71874d6490c808d8ea6939

SHA256
9e8ee34b1e09dc910052de63b10c4c73052c9954129d3ca9bac6541b17bbc6fa

SHA512
e92f2f0649456f88fd63e061ee76424a85cc09705633ed7344c2b18892aefa04d212905e0efa5b45d91c35501216331258f443b7ac9614eecab056254797dfc8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{51325390-AE6A-68FC-A315-0950CC83A166}

Filesize
36KB

MD5
8ab0ccfe101f2a223bf9fc11f910ec64

SHA1
86a7cf51b399bb786896fb77f59ee8b4844f5afe

SHA256
8cc15be591c4f70f964d3554be30283f925747d09eb71692bf40b8125e2bb68a

SHA512
b862068ea8bdb828186c2bc693b1e99d622a48a82eea13886090c44e17d132ad1a96bae4a96214d9a8abeb22f7c85f4ef25a000cc1bf977fd43e67bf1064a61e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{A5E73466-E220-8EF4-B956-A582187356D9}

Filesize
36KB

MD5
8aaad0f4eb7d3c65f81c6e6b496ba889

SHA1
231237a501b9433c292991e4ec200b25c1589050

SHA256
813c66ce7dec4cff9c55fb6f809eab909421e37f69ff30e4acaa502365a32bd1

SHA512
1a83ce732dc47853bf6e8f4249054f41b0dea8505cda73433b37dfa16114f27bfed3b4b3ba580aa9d53c3dcc8d48bf571a45f7c0468e6a0f2a227a7e59e17d62

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_comexp_msc

Filesize
36KB

MD5
eab75a01498a0489b0c35e8b7d0036e5

SHA1
fd80fe2630e0443d1a1cef2bdb21257f3a162f86

SHA256
fdf01d2265452465fcbed01f1fdd994d8cbb41a40bbb1988166604c5450ead47

SHA512
2ec6c4f34dcf00b6588b536f15e3fe4d98a0b663c8d2a2df06aa7cface88e072e2c2b1b9aaf4dc5a17b29023a85297f1a007ff60b5d6d0c65d1546bf0e12dd45

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_VideoLAN_VLC_NEWS_txt

Filesize
36KB

MD5
968e7d1aa993ef1052b35a95c51946d5

SHA1
c67817521eb4f70d692d3d29b32676b1871e3d40

SHA256
719fb4e7016e1c4fff64166a8809a6ffe5d16ba0a40e4e8593ba7f664337e239

SHA512
3382a01b518c38859c1ffc8799aacb941fd7bedd2cecaab4fc8e7fe8e44aeb6acf3997b844b9b5d8ddf4e72331e33972606cab1e9d8b527bf80ef7a9a0136022

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{0506dbf9-9997-4c8b-9c15-d60288602950}\0.0.filtertrie.intermediate.txt

Filesize
28KB

MD5
ab6db363a3fc9e4af2864079fd88032d

SHA1
aa52099313fd6290cd6e57d37551d63cd96dbe45

SHA256
373bb433c2908af2e3de58ede2087642814564560d007e61748cdb48d4e9da3f

SHA512
d3d13d17df96705d0de119ad0f8380bfe6b7bc44c618e2fcd0233061a0ab15beae44d38c48a880121b35f90f56c1529e5f4cf1a19acb9e2cbba5d1c402c749c0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{0506dbf9-9997-4c8b-9c15-d60288602950}\Apps.ft

Filesize
38KB

MD5
84ac0c242b77b8fc326db0a5926b089e

SHA1
cc6b367ae8eb38561de01813b7d542067fb2318f

SHA256
b1557167a6df424f8b28aabd31d1b7e8a469dd50d2ae4cbbd43afd8f9c62cf92

SHA512
8f63084bd5a270b7b05e80454d26127b69bcb98ec93d9fad58d77203934f46b677a3aaf20f29e73dcd7035deb61f4c0aa3b10acbc4c0fc210632c1d74f705d2f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{3e924ce7-c63a-4c9a-b429-6130e81c905a}\0.1.filtertrie.intermediate.txt

Filesize
5B

MD5
34bd1dfb9f72cf4f86e6df6da0a9e49a

SHA1
5f96d66f33c81c0b10df2128d3860e3cb7e89563

SHA256
8e1e6a3d56796a245d0c7b0849548932fee803bbdb03f6e289495830e017f14c

SHA512
e3787de7c4bc70ca62234d9a4cdc6bd665bffa66debe3851ee3e8e49e7498b9f1cbc01294bf5e9f75de13fb78d05879e82fa4b89ee45623fe5bf7ac7e48eda96

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{3e924ce7-c63a-4c9a-b429-6130e81c905a}\0.2.filtertrie.intermediate.txt

Filesize
5B

MD5
c204e9faaf8565ad333828beff2d786e

SHA1
7d23864f5e2a12c1a5f93b555d2d3e7c8f78eec1

SHA256
d65b6a3bf11a27a1ced1f7e98082246e40cf01289fd47fe4a5ed46c221f2f73f

SHA512
e72f4f79a4ae2e5e40a41b322bc0408a6dec282f90e01e0a8aaedf9fb9d6f04a60f45a844595727539c1643328e9c1b989b90785271cc30a6550bbda6b1909f8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{3e924ce7-c63a-4c9a-b429-6130e81c905a}\Apps.index

Filesize
1.0MB

MD5
f4514c93191e0efc0f61036e4ebb341a

SHA1
c80478e9a734790c18584f67a43518aa4a7dcf58

SHA256
43da4fa5f62affe399ceaac2d489b7cde610963a48e72d445bebe6f2c63a3600

SHA512
8aecb3491767e040a52f351908004db2c8f2f083397744585c2832212ec8aa288d3492be941a48b04774e16b43672ab167209776cbdef6692fef684fc54666a6

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133573951951820063.txt

Filesize
77KB

MD5
e28a497e4354e7d029c604033b70aa09

SHA1
bcd63bd5160b7ea3be74a2fd33169d349f813d90

SHA256
d80449ce6fd9b74a8a28f4f331398d009d9b5ba8b0abaff786d4aa3815358996

SHA512
6298b1e28203b76f3a29e855e85b0cb1edef0607b19f6a60035af147c91ae2e88badd8ee4707c970597febf922dccb5a774620534ea702b90998b1b8c8a39405

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133573957476033336.txt

Filesize
48KB

MD5
fb78065187348f227fd882921b094074

SHA1
7fb91851b3fffaa5d28e3e434c0490822b880937

SHA256
a25c40c18d36e6932c43fc6f76de4f7826608775bf87d88a385ce692d883daf3

SHA512
0cacbcc7bc0d80170ee810bf233724f0ba4f4fe462107de2bc48c8a8e1c7546e9714db244c672830fe887559c9e59b3ead6504fc6305b67a6ae596e43c569ea0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133573960313703468.txt

Filesize
66KB

MD5
47c5469d38803a4a184cb8573aed02fc

SHA1
0d3748757c4206f410409bc608c4d389b51c53d9

SHA256
fdbfb574f8a4620613186b6ab4e64e8e76ddfc27b06751d4b7c599f302761c64

SHA512
e96a8e460027fbf742205d7bd779693a0a78245f23525618c7410bbc9686e34ec360c50cc9a35d2b7eee2db9b7171eb2196c9197dfa797c30120d4f358c959f7

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133573984564388481.txt

Filesize
75KB

MD5
a1c6c05ee01aae7e68b4170031f2ce32

SHA1
e504078ca444efef715010fc2a1d2bb24f23ed98

SHA256
c5cfe868940725dd9797186a8c601acf98333ebb09cebf537a4e0d7df2f486a9

SHA512
6c80c4e8c7f3b0f95020bd448e8c8defa8f0ea4f6e193c5c75daf02b9d68d2da5cc95582b020b2c3ffb5a9bfb0b0d30d04d7213a43782625bd09cdc0267b141b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\Settings\settings.dat

Filesize
8KB

MD5
a8308d2f3dde0745e8b678bf69a2ecd0

SHA1
c0ee6155b9b6913c69678f323e2eabfd377c479a

SHA256
7fbb3e503ed8a4a8e5d5fab601883cbb31d2e06d6b598460e570fb7a763ee555

SHA512
9a86d28d40efc655390fea3b78396415ea1b915a1a0ec49bd67073825cfea1a8d94723277186e791614804a5ea2c12f97ac31fad2bf0d91e8e035bde2d026893

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Local\Temp\wctCEF8.tmp

Filesize
63KB

MD5
e516a60bc980095e8d156b1a99ab5eee

SHA1
238e243ffc12d4e012fd020c9822703109b987f6

SHA256
543796a1b343b4ebc0285d89cb8eb70667ac7b513da37495e38003704e9d88d7

SHA512
9b51e99ba20e9da56d1acc24a1cf9f9c9dbdeb742bec034e0ff2bc179a60f4aff249f40344f9ddd43229dcdefa1041940f65afb336d46c175ffeff725c638d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\{06AD8798-F529-41DE-A07D-A0A01306B22C}

Filesize
4KB

MD5
2680bad2ec42aea99638991dabcda9b0

SHA1
8fcff399d6f3bc40751117a11ce7b68db9f998d4

SHA256
38cd5921fbf5fa66e288c97abc694cf95150404ec0e7d08cba6bd659cbad2c77

SHA512
50df32fdb46a8f56a7c8baca3a48891a4540f7e296fa2ea88ff83605621ea7a77729709b5dbc4f7fbe034fda139a933541f420bfdafeb71f7f9fdd2fb3433546

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
9KB

MD5
c4d888812e4d07d668b4434720c9e1d5

SHA1
2939b2cbbb6dc1d581b980b13bbf6c934a21d2c9

SHA256
65e7fa0ce23a4227ed2bd9b8e7e511cbca630d6415bf17eeff08f10e9bd3eef0

SHA512
67f152450e17cfb3318893e00d3176ca11adf074fe659cacd1450e5790571209b9b59ca63ce39ebade910317af2b6b19360c3e350d76b53475f3f04bb78206fc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4p84urxf.default-release\AlternateServices.txt

Filesize
982B

MD5
de7b865018f41d7f926c6f24de5fa170

SHA1
1bc200ba352645c60a2f8edb088817bd6ac2579d

SHA256
3d98e03c94fe1ac051d417bbd51f30651f1069e48a03d2d85a504bd475f9f678

SHA512
87f96dcbc0d0fdc56600feff8d9573d8a9355e03eeef2e905a949259eb2a2d511a6f25075158b637870a42a8430bdb54fd43cf63662edd45d3c59eb3eb5d557a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4p84urxf.default-release\SiteSecurityServiceState.txt

Filesize
578B

MD5
1eb7a8f0213877131d5ec75d7cff6002

SHA1
71176fbd70528ded3d866a9ba2bb8540a7163618

SHA256
f64f98a9202acc7b08f66289db7012faa2374ed3182c2ba394d652a9efb89ecb

SHA512
ed730ac9c72904a456fc5c283f938737f42e6614203b446b09796b4d7723a77cbb8b34b483f11b4b285e7f0a9d7d4ff084b46e373925c1ee8414158612753888

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4p84urxf.default-release\broadcast-listeners.json

Filesize
472B

MD5
18ceaf57759c9e333d550043d1415813

SHA1
6da47be571ea07d9bc340fb0709d17140523a83e

SHA256
0cfcc23c7ada9fd92f8432f5fac24825464b291278d7debf8391feccf680f3a0

SHA512
5a8af7426001e029f8b1e230abbba602e965d8249e6502d2c641b9a336abf5f4b675231e0c8e0980df4f1d47777e5f85a297b3bd7baff2b860fd2ba649f6e790

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4p84urxf.default-release\broadcast-listeners.json

Filesize
216B

MD5
bb7c5aed76f69f57e3941248eec29c9f

SHA1
93124cb008019256ae8d0bb27c2b832625979126

SHA256
4bbd29f1a2060c8a98d1ec29199329c557a617a775b697cd27bd6ee623234c02

SHA512
7ac6d6c6ba5f9004492f0100eeb607877cb69c826209de15a48b0d57ec3decf4d8ba4cd164714a1403866397b006a8fcaafe4b8a3b44a530a2ba97e20d62bfee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4p84urxf.default-release\cert9.db

Filesize
224KB

MD5
93580925aa87195d11b3be1dbf1e7500

SHA1
2c3f31b370d1d50d329ebf9f7920df3b5e3e43f1

SHA256
978e4ea1bb2163e01e2d5713f654218f2df847de44d920bfefa987dd2dacdb5a

SHA512
04d8b65be1926b497c7e662d928005f07ca40a0f651ca55f022c0188161fb40b0111d72ee1ad2b1f752d5714c820c06b3e4110499d8ecace04c45844ad25343b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4p84urxf.default-release\content-prefs.sqlite

Filesize
224KB

MD5
449848dc536f16b0d6091db65c36594b

SHA1
4e5c4376c75e91c380f441c78b4c4856bf0b2aa6

SHA256
3978a26b353c911e6aa95db12dbf534d33bfe3fbd698abd9efa66fd60010023c

SHA512
82931446dad74b051fd6b8aad922a1f98e4f8f25bce29165f4bad808234bfd8939b559a996e3b857769ca7db216687c7e107e068e3e838bf8f2caa8300d968cf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4p84urxf.default-release\cookies.sqlite

Filesize
512KB

MD5
2f46f856a3c252309537df2c80ec0594

SHA1
4270c28e4aaa5a594a471799152d0efe179c40c2

SHA256
053d1769f64041bbd7cda32d71ff0723146f59d3db754cc162cc99fce8fa990a

SHA512
08f39164ecc01ceb6403f1423d3c408943026b5a23bc9d3ba0033414a11fee98d4ef52bb5fa6749f49f0fd974e4c0b0990c01f09fac37435c50787554ce9765f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4p84urxf.default-release\cookies.sqlite-wal

Filesize
544KB

MD5
a5db29a92161dc75cf948f2eb867577f

SHA1
ccee91d8d54c26092902b6f523bc634ab291b80c

SHA256
3663ab13ef7157f6fd7f12d44954c34800b75147be8d4708579ec02d0533f7f0

SHA512
f66654fd6b9e2c930911360715318e78856a41d5ba6fc22879d1675202b04961dd59a9dd821b92e9cb45680640523f46be9bdd435fec5d2f2d34c498ce8d0071

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4p84urxf.default-release\crashes\store.json.mozlz4

Filesize
66B

MD5
a6338865eb252d0ef8fcf11fa9af3f0d

SHA1
cecdd4c4dcae10c2ffc8eb938121b6231de48cd3

SHA256
078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965

SHA512
d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4p84urxf.default-release\datareporting\glean\db\data.safe.bin

Filesize
182B

MD5
63b1bb87284efe954e1c3ae390e7ee44

SHA1
75b297779e1e2a8009276dd8df4507eb57e4e179

SHA256
b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a

SHA512
f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4p84urxf.default-release\datareporting\state.json

Filesize
51B

MD5
3e32e2cc1ed028dd8ff9b06f50a4707b

SHA1
b3910351bd8e13ad1479db699cf6fac6544a5bef

SHA256
4a3a666d98e61b5fe06fecac56807137a0fffb4bb71d4c3b16baa8702dde738c

SHA512
4585ee9ec04adf138727cd039a9cbe78db6cf2926f6ce92524312a42efd1250100848a919ec4b833f9a013181ce93734575b86eed37f1bf32effa3237eba84db

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4p84urxf.default-release\favicons.sqlite-wal

Filesize
576KB

MD5
3d615b69ba04c301feacf4546b3b26e0

SHA1
15ff51aacb5175a882c89d105e0ecb075592ec86

SHA256
4e0fceb8e4a63a2a3b483dad2bae8b7483df669d54019fb56d1e9df16d97e677

SHA512
012d9abe6b91093f32a024adafb9dbd19ab7ecf37525d1ee94860415eec857782030c5e17bf42ba4cef5f6e7ff7829397367332c4d8988e8e6a11f166e1bf70e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4p84urxf.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4p84urxf.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4p84urxf.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4p84urxf.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4p84urxf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4p84urxf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4p84urxf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4p84urxf.default-release\permissions.sqlite

Filesize
96KB

MD5
6371c4a9b7ae59261dcb08a7d6d2e0f2

SHA1
d72da0971d189eea14744dd756734d088c689c23

SHA256
0eecfbff144b641f4533eaa978414005f9780b8f3e3b7ea8345f075ff816e873

SHA512
3c8d1e996146da343b7fe52a5223e679cd64efbac7efe0ac533c68c73ebd0d372b6db8365865c812b44afa45ffc598a641119b90e30519cff09ca1cedb2d23e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4p84urxf.default-release\places.sqlite

Filesize
5.0MB

MD5
7e8ecaa43a58370d1e1433b54053e098

SHA1
52a0af1c4871e346b1889183995b5df921dde362

SHA256
d7e8dcf1a77f653ce8c913f92b41a1040cedfe1fdae99ed5a93768c6cc12e61d

SHA512
2068b012f4b9ad9142e0c39266978e75143ad0be84980dc37257da66040398da9b0f14ea6a88d78b6c6e201aa815621c55e5357dfb1aa457baab7760d1269d4e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4p84urxf.default-release\places.sqlite-wal

Filesize
2.0MB

MD5
c588b5a4503479757e259da24df8453e

SHA1
af1dc4a324dcb4808cf19f89053db13b6915bf24

SHA256
adb74d8f54031194f47b8b190bce51795e5a6a4a02f9d1e486b64e53cab7e879

SHA512
61ea3bbf7f2dc24cee0a6b86e92c7308b5a649a680f4bddc1932a9e958ab79fd1d72f2fa220ed3fc875e6a4cbdafed147f87262cbbbbbdb8ff3369d2efab691c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4p84urxf.default-release\prefs-1.js

Filesize
10KB

MD5
fd8a734c52f952fb4cf7db558f07814a

SHA1
8ce9ef83c8774da1c80093cef59a4b9632d3005f

SHA256
69e4e1c59e43f9944554b6978daa87a6b353ebed1ba193a9c3064743c0f12dfa

SHA512
bf290c82297e06a6eeeb87cbbdb69315fade683ec413d3e37077afdfaea8774cf84ebfa7c323a297650ee34b5d27e63b4a5297d608482208021faf22381ab658

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4p84urxf.default-release\prefs-1.js

Filesize
7KB

MD5
d229e37bd233ca27f8288cb8419d0755

SHA1
c9843fadf0c8966e9b539415de30fc0a75657b56

SHA256
d83afd27fc4b6ffab784589e73e26e4979c9a3bddae50c0d9b2eb5ed28a98482

SHA512
af379543e1265b006132768fbb7c76d2202e2da608a274ccb9a4ad3fd3779c5d070287d1e906061b80e51982a64e1a4c0aa79a859861c9b0e125faa60ba08ed0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4p84urxf.default-release\prefs-1.js

Filesize
9KB

MD5
b68e928858a6124875881d8104d80a82

SHA1
46f4cd5b7f53f06aaa79292edd304651ea9dd9f4

SHA256
8e2c1b9232139478bbbb90f5ce957a71391f099c53450245d1b0da28fc3835ce

SHA512
0686927d4f8060e8cef7788f5111fb141bb62d42aab93a28b9cc5299003022f98ae3462b821f304d3f56bb39208a4eb7fb5b8c4b4939df0b48b4d7c643ae596f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4p84urxf.default-release\prefs.js

Filesize
7KB

MD5
8ed8057cd2f1121ddfc924ba3faa90fa

SHA1
765250acf357c2b474922d35b992778f823732f9

SHA256
66c15d02e32d8cacf14cf8f7a86182f2485cafe93f774c843547bd83e7c34dac

SHA512
2c9d651e812614141647b367ca3c71ec3d7f8d4dfe9bf1d7b62d0d4235d0b6a6f9af7f14cf771b10afc5e4472dd9c3ea7a2906e91b6854caca1dcb794993900d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4p84urxf.default-release\prefs.js

Filesize
10KB

MD5
239bf7ebbf78b2d5763723cca9ae3a3d

SHA1
e1c9214662adc7b5660ad5b0b8befdd9ecaaa5e1

SHA256
d4e3d4d400edab016dd856b183ef807823e46b07192c780a1d39e8f934d68ff2

SHA512
26c5271afe610b70e636708da17c245e78d21d9f9fca405cc739940da97f8f7d2c88cd4c144b23f07b1aabbbc4810f6362d0783d01f503527f1c60f63b2eac6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4p84urxf.default-release\prefs.js

Filesize
6KB

MD5
5024f105e72365ecc73831e14315bd95

SHA1
b412bab8af131f8381e47e1c45b1e862434e3434

SHA256
924780021eb51876ec75bb7d7e057d45357cb174fe8b0ba3992308cf04a0c0b5

SHA512
867c2dda284d7fafc151b93efc552107cef519c83a416a78b2b2d2efa5495bb5f6b7f854d6bbe7b9670e7f3eb0dbbf8ca6c2322824622cf8b37fd7f3d4aa30a0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4p84urxf.default-release\prefs.js

Filesize
7KB

MD5
42e83a39e0f639bcd4ac07c63b777ec9

SHA1
8f145c5e82a53ca0f6a90a4d5f150e2f1e420c3b

SHA256
f36fefec37ad6f7c010cbe5effc47aa5c3c8f5bfe5d684ca2100d65bdd1bd402

SHA512
2a4ea33d130c2e6c89af701c715979ecfed7fcc50711744f7e4d309c5e16e645f380a7e02c8d834956419a943f8f1ff215d0be6deeb47f543efd3f68b753b0e7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4p84urxf.default-release\protections.sqlite

Filesize
64KB

MD5
5eea2cd94aefde586b012e2e4994b150

SHA1
51ba901bfe0a7d9d2b1c9838fd12dd00f9545941

SHA256
c660ea75bbc12128fb5a4f6cdbce76854ead2fb0b967405fb3459dbba99dbace

SHA512
96507a11aa97fd056647d1b623ab65976f2c42bcde796cb20362c16b5bd3a94315061167609462d908369bb61ed2342f85a9a57596275db61df638be102e4cc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4p84urxf.default-release\sessionCheckpoints.json

Filesize
343B

MD5
5eda51f591af148f49f9e83192201f8e

SHA1
ac984dd14844dd3a1d99f16b586082a2472b421b

SHA256
f979059f9b045717a16f91142b9f01f82b9d6ff08feb5fde17e453a442399a7a

SHA512
0203b41a67cc46548ef9f2be924b2ad06a8cf539cb08eb15cde2ed14a0f3d9515b040f5b86c9aba38693edcd48a64829c4fa6c6292fce07b7b0ed8acc4a11245

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4p84urxf.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4p84urxf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
1c19a3e8a66c156b86c9ada3e1cdff87

SHA1
69be1da1fe9240bd1898b24580341511fe346d3b

SHA256
d1bfed53bf4e63de99346debcc4523e95de5e8f450420d3b18afb114679fe909

SHA512
4d8d0f21327a60b53959343f51e70b13511f9f886b8382b00be029685bbe3fd0606eb417b04d8e1c4a77da7a33205140f2e96606a7fcd20e1f58306e99436cc2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4p84urxf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
bab0f98746f3482a5b24386edec56154

SHA1
b5b1adcc1a6f8cbf6601d766c55db7ba4b92e652

SHA256
a0e1dca247ab2282a90d3ac742a26fdfe41448285633a4d33091a6c5577d8d52

SHA512
6b8878eac50483e292ef6b27e097543341a6fe6a75d3d7b27313714032168782ec8087aae7cd3cf6c39ab6089a6e7238e4fa5c95f0feaf24600eb6dfd39fa853

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4p84urxf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
5db1db196d8d635caf2a6676552ff982

SHA1
148ba06e6ab297a5269f99e855d5744e8e67b0dc

SHA256
20c828741e1accd3cf846d9cfe20557135474be52eaef6ddb1edf124979779cb

SHA512
96e1c0d203e1f9d41682a7ee467e7111d76700be6e1e46f1702cc0e279cd6b942afab5d07691c424e18558b8e4b140fdcf5fee839a8f658d7f44d3367f35ca4a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4p84urxf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
c22024a34c363e9c94e1d9eaf194d556

SHA1
b9c111276839e888075dc5e18e244ce3275d90df

SHA256
691096db0b12fc63baf589c3fa0d4e2cf3c897ed3da2b844049557644bf508d5

SHA512
e521baea9c2607b12ab3eb4cf65d6409dcbe0920e39e942ef33f00967bcdc7ec6772bfa7fa2903332b70b9dd6e63acd632d51b75a9e8cc7c4f9f8a663e741654

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4p84urxf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
4aba5f576ee3760677bc482f3ff75f4f

SHA1
6be44dcb622c1b6fe51f2be5c9ee64298a4fd773

SHA256
1d4d398c7cafa9f2b6d08e583c525745126a798f76ffb16214345859962710df

SHA512
8ea11d137d7a8addf5847c948054da911d30b218328026192ce20792359d9fe85dffc5fa7189efbb65a91f335f564041fd2766ba713e0a15ed0697a2c3e91f8d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4p84urxf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
458f60550d5673a5f233e014a6ff660f

SHA1
95bfa13f0b2dc672407d6877ac4fc29803276d6a

SHA256
2a32e0891326f182eb200f27d49f81a78a491db3f68814d907a6f89714b186cb

SHA512
6a41e3e59d365c4194a7b052f0a6557c6eb531caa0121c81c9d28827c9f4115e9919fba30188da4da64bfe3d088a92f5b062caf326e414911740093ab6cc8070

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4p84urxf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
129bd2428e08d9f747d218076f81bfe2

SHA1
a21eceb1621507f2b314591767fe9f84c9ab2299

SHA256
3292113e7398490e016466ccdfe4f22c7cd212c981b3f796a235548ff8a24997

SHA512
659912655b857444844de5407264cd53c2d298a5f02201dd28157d3c777db2b20de089adfab1c1b6d240330bc30c300c0b555c9ac601c59821f7fc6d7443dbc6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4p84urxf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
5d8617884b156e80a39830a119bf824d

SHA1
6b7882671d3a23462c5e143fad15b31cade1c64d

SHA256
4ec46e71e8bf4bfbe96d09de09e9f4b5429d7cf1f381a11315cd86d3d0576739

SHA512
1906301147f3136521d4d88d77e1785aea549fb3ada99d4c281d93855173622bd26d3424edde118ae36412e61574103de0388f49eb467fbfa08848cdce87c417

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4p84urxf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
ab54d69fbfd21aa71ef363f96d387b6b

SHA1
62e9bfffdfc3a0c4d8252e96db96912f2d3c084d

SHA256
e63328d183fcd88236f0b0680eff6ff47719b2b3c0fa78b50d2ee2dd8ebd4d02

SHA512
ed5855608be34e7e91b1c04707809ae694942cc911b34cccb6e9eed9ecf0f6400daeeca63eb2d2d25b79fac2bac4d84dfcaeb036cdd6f5668c20d3089d1ebfad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4p84urxf.default-release\storage.sqlite

Filesize
4KB

MD5
434f7cf668e7b62e4c7fe2cfb4ee7148

SHA1
a5fa0c5712b490c38ede3041ed20a6ac33d4fe84

SHA256
69919102a39658ef82324dd46b5606d6bd60b1282798ce103da008b03dd9802b

SHA512
67960f3437d7af08bb454e2f0510ffbc847b4a5ae26a9128de6c320f441f56d6ed09334f4eda42e3ba0fcb158170e3c4f16f5ee8c6ea4a0878ce52afc73d1e56

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4p84urxf.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite

Filesize
48KB

MD5
4615fb8a74bbd4d1b565b959312cc2b8

SHA1
82369b42f01563ac916e0e51a3f3ab15c4b8fb97

SHA256
a5b27e862d4d872a0c08c9971a3881d1f0a29c22be7c9c3d8656b81beb7adc19

SHA512
2d74f2af3c764a4b6b327d0773592bd2b7c02d2efc5a332cd1bce4357e2140080e3c30765f68198409f218324c8b02fa24ac7a5b96e128411b1b42a1d057e37d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4p84urxf.default-release\targeting.snapshot.json

Filesize
4KB

MD5
44a08011dc9e3c0d3babe6e2369c7ce4

SHA1
effdc08d31cea33368407204d7b0d50ca39ff953

SHA256
0b7a67579ea2a026cd395707481fd6defd7617217afa51d9925f097423aaa07b

SHA512
58d8b860dfe29ccc06e78aeb5cae0d602872726b0652082c987e69500210448384c8972a398fd555b386853ef4bc3fcc88ed315df7d735ebad9f75c784761ca9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4p84urxf.default-release\targeting.snapshot.json

Filesize
4KB

MD5
d5741ac35a9e77d67ad34b40a67c22b3

SHA1
3ca6b5fd33a0227fa2674b7b72297d2f3f66ad17

SHA256
429247d19156dff627c5f761cbcedbf5a079ed1013231a8b34aadad7db82783e

SHA512
25cafd594ff239a639cfe4c83f52865bb0d2aac42eef3a603dc12ec62b2395b3ec339db9282267758c284a076b470f9b258d218f035e1a19125951243a8a6479

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4p84urxf.default-release\xulstore.json

Filesize
384B

MD5
6cdc98847159e779b55d8a710b74bdc6

SHA1
43ea711bd90b2896093a58e008a119fd60cd2bfa

SHA256
dda42697be9db7e64e33b6a8de3f5bab9447e6f2719134c2c93885e11e6e9e93

SHA512
04a4cd8b226ebda07a0f6c67840fd9162c5356a92c15800641ee90617abf8b9902d84e42986021d188129e5a155d62fa47adbfa0633530d94638fe0c2b3466d6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4p84urxf.default-release\xulstore.json

Filesize
141B

MD5
1995825c748914809df775643764920f

SHA1
55c55d77bb712d2d831996344f0a1b3e0b7ff98a

SHA256
87835b1bd7d0934f997ef51c977349809551d47e32c3c9224899359ae0fce776

SHA512
c311970610d836550a07feb47bd0774fd728130d0660cbada2d2d68f2fcfbe84e85404d7f5b8ab0f71a6c947561dcffa95df2782a712f4dcb7230ea8ba01c34c

Download Submit
C:\Users\Admin\Desktop\Cheat\DECRYPTION_ID.txt

Filesize
265B

MD5
7e299e2ca3a403c65f6c6155d5982266

SHA1
1e084e61d33e47305ef1a3e7d10bb23736b67c9b

SHA256
7f47c8fe98b779578545ef0dc356c7d065c16faf82765c1fd81f1743799daf7f

SHA512
dfa581561ca5c6a0ceeb0a515b325bc1c83c6192c2dcaf2f5986cc3a6f7594085a3f2e92aa1335400c24cae70fb66db349ff972adc9296ade5802b9e0698e7dc

Download Submit
C:\Users\Admin\Desktop\Cheat\Password_dll.txt

Filesize
2KB

MD5
a967aaf99c8b2eaf3e1e03a5c42af56a

SHA1
b2120bda8410adf0309794d93b077c6b5974aaa8

SHA256
5149f5d57606854b776993253c30c88905746d9706a905f767fed71fb2e10134

SHA512
9d75d91613a78ca59e69999584355b996704010d309510e59392ad30fac36200c1d15a6b4b1153270b13e4cad203e67bb6b072bf211a6003ae9c84ad0e65c773

Download Submit
C:\Users\Admin\Desktop\Cheat\Password_exe.txt

Filesize
2KB

MD5
093c9337c5d27a47387d6ae55d2c3deb

SHA1
de344b2527250faa8dd4289579835b57e74776ad

SHA256
678688a067cd279b8109c663bd5778a7cb7d4b923894f6ba08b0b197a16667a9

SHA512
f03ed2b4656cef2d6f1947b534462be78eba29ddcaa7582570d7c9bec80cc40a56226dd6815341a936c084493c1c70006cf5a2a1562bfeab23ea342feffaf7a5

Download Submit
C:\Users\Admin\Desktop\DDDDDDDDDDDDDD

Filesize
147KB

MD5
21c5ce955bc79069663157fa05635cd3

SHA1
ef0e1ff07aef20f33876edb32182b721fbc430a9

SHA256
1b3ca4f12eebe4b45018da4d8812c25efcabdae676d1dcd674594e8815ccb9aa

SHA512
75c0eb73f0ae7a20f90d8bfdceeab57fbb47061e121eba9452b63b296dc6e2e0df5bb5a92a1ff37b90020db3761df51a3fa0e3289ef650fcdd769093051f3648

Download Submit
C:\Users\Admin\Desktop\Loader 3.0.7z

Filesize
81KB

MD5
da32486398f8cab63eff6a29544df1b1

SHA1
29cb9512d86f884573a77525b8a5c66eb3377a64

SHA256
006c73032f441752479b60163b5ed055d427076c1d38f6564fa9da8e8ae1ac02

SHA512
0b75d334ff900093e115f6235b0fc4b81422e82837e9c7ee0f1b5c0e9afe9c04b9516f72a71058e50fb445ecf735aeef9d0301475e2f7dfb427270a714020b82

Download Submit
C:\Users\Admin\Desktop\Loader 3.0.exe

Filesize
147KB

MD5
ff4cd364323fc2048c35783a38070aef

SHA1
4736172dd07a3a196343b94dd56b4e4edc0f2bce

SHA256
6dd7522accb6773bade16720b53ca577574defae5b1c7caf4b7fc6826dfed7e7

SHA512
c72b07b78ccbcfad14fa9f7bc3e8a086c29969b4f7f30dbe57a1a173cd82d61a20bf5ead0bc7b627d5d7f7f0def71710e2ce09590be7a886ad6c9414981eb961

Download Submit
C:\Users\Admin\Desktop\Loader\FFFFFFFFFFFFFF

Filesize
147KB

MD5
66bf0c90909e801fa3070174d846956f

SHA1
a0d87af1acc0625bdb2310d994c991980c7187c0

SHA256
880011db9daa7cfbeb593ac274e8a4ad8f44a1a8016cd23b287a47f8269b3cdf

SHA512
5891829e66e7ee808ce5a9b9ef77553800e9e48e44972d02bbe4bb531b533e6aa6d4d905c72f9694d7c8c0b837849426f0df2fdf69a9ac9f19713ce6d6fa5856

Download Submit
C:\Users\Admin\Desktop\LockBit-main\Build\priv.key

Filesize
344B

MD5
16b3992609c34724a544ececbba146a3

SHA1
cfbb5512610180aaf4f4c73db63bb942c169b903

SHA256
9c68901505962a2a800364eae678167ed7bad2a950a6feeccab61fbf9af41edb

SHA512
d7a2e528c1612c27830aa412b92949aa75077d02de51190e10e7f3028051d15d616f5751f68622549234b1515fa28384c539a60c5a62ecd958aeb607600ab682

Download Submit
C:\Users\Admin\Desktop\LockBit-main\Build\pub.key

Filesize
344B

MD5
988f0d81094469859d7c7ea06d8d4074

SHA1
3e0ac432d18eb6ab139c6c1907cc8e5c0e9f04db

SHA256
7a5857375b380d66f3c411d4f992225bd1c47c2fb46adfc19df6efe36d9125e3

SHA512
a66e9dcd186dfd8f430de451c77254d71496761be7886a2376f2a3c008974df838320e19168a15338dc50a91e275c4310467fe4c6ab19ee2e5e7813fb304b6f3

Download Submit
C:\Users\Admin\Desktop\LockBit-main\config.json

Filesize
3KB

MD5
db5b144d5f66f50d115753659bc79506

SHA1
c791b2c8eece5e9a23edad12153ddc36bdb4b191

SHA256
b2c370026eb07649632b0afcc92dbe2206f231e6ace0b7714ec305639c5e0384

SHA512
1b68b25511383316703eee0005c7d9034ed57d1ad55d5b92397b4c77528cdd45737973ebb2fc3491f45dcb0df835b9e14be1faf1f388c0c95ac614cb44f1559c

Download Submit
C:\Users\Admin\Documents\OneNote Notebooks\My Notebook\Open Notebook.onetoc2

Filesize
4KB

MD5
f5459802a128958f995280d27e2c103e

SHA1
342959d30a5e6e5ab7a232b782a2748a61aebdb5

SHA256
62d36274e62af50cf0833beeb69a1bfad7f49f88cdc734583a59856e8d53fd98

SHA512
88cf07ea5bed9c7de567f60bde456e7d88d59854459829e3f7111c1807ddf30f349733597132563b44c581994db61f8da5690598989ed709a272e5bc16e92db9

Download Submit
C:\Users\Admin\Downloads\0neZOSs9.txt.part

Filesize
1KB

MD5
c7f0774cb1f020931401610fe8277863

SHA1
794a40ce23af4e38ca545ae49afc8411da2a5a9a

SHA256
b3394b38796f33b90e077d35052633f8b152b22ab059b25d9c7a531ee088245a

SHA512
90ab92257499062a48dd95f5d004823d24fd277c5bb0fb61dfe452d065b0685e12b684ebc022c3735b5d8635b56076e9b2c6f9d9b5a69f64ab16f69e1d551219

Download Submit
C:\vcredist2010_x86.log.html

Filesize
80KB

MD5
2aedd97c0609b09c79df1248fa59c994

SHA1
cce43ec9ea0efc54ce6f2823d8580f5e27a26d37

SHA256
39ca2c66eb618635dbbbee02e93d2ebc872dfc8f7f425ade123cf0f225de46f1

SHA512
7adfe6d9be9500b81368667a52c901101544c4150304b5a9f050f8c6c93a77a3126083e134ccc6060cffdc1445351608446bdc26b556ad7e1e25ba2ea5996b73

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-2177723727-746291240-1644359950-1000\DDDDDDDDDDD

Filesize
129B

MD5
349d1c1419f0df85f81922c4193601b4

SHA1
a6de6b3a16bb646ad2b11c90b82dd333f0eabba8

SHA256
b38960f046352246b976ac7afbccfe459c59269a95fb392bb46ce7cad3a3154c

SHA512
7bdddf5b0f8cf40a5fd72828d8619a6867cf3938ab57e1c5711205aa5b9a591a1909822ffc90e72e0816455b3f545654d4321bd77527cbe69fd870f169c7ad97

Download Submit
memory/704-902-0x0000000002510000-0x0000000002520000-memory.dmp

Filesize
64KB

Download
memory/704-901-0x0000000002510000-0x0000000002520000-memory.dmp

Filesize
64KB

Download
memory/704-903-0x0000000002510000-0x0000000002520000-memory.dmp

Filesize
64KB

Download
memory/1060-8412-0x00007FFB29330000-0x00007FFB29340000-memory.dmp

Filesize
64KB

Download
memory/1060-8475-0x00007FFB29330000-0x00007FFB29340000-memory.dmp

Filesize
64KB

Download
memory/1060-8479-0x00007FFB692B0000-0x00007FFB694A5000-memory.dmp

Filesize
2.0MB

Download
memory/1060-8478-0x00007FFB29330000-0x00007FFB29340000-memory.dmp

Filesize
64KB

Download
memory/1060-8477-0x00007FFB29330000-0x00007FFB29340000-memory.dmp

Filesize
64KB

Download
memory/1060-8476-0x00007FFB29330000-0x00007FFB29340000-memory.dmp

Filesize
64KB

Download
memory/1060-8459-0x00007FFB692B0000-0x00007FFB694A5000-memory.dmp

Filesize
2.0MB

Download
memory/1060-8410-0x00007FFB29330000-0x00007FFB29340000-memory.dmp

Filesize
64KB

Download
memory/1060-8411-0x00007FFB692B0000-0x00007FFB694A5000-memory.dmp

Filesize
2.0MB

Download
memory/1060-8458-0x00007FFB692B0000-0x00007FFB694A5000-memory.dmp

Filesize
2.0MB

Download
memory/1060-8457-0x00007FFB692B0000-0x00007FFB694A5000-memory.dmp

Filesize
2.0MB

Download
memory/1060-8442-0x00007FFB692B0000-0x00007FFB694A5000-memory.dmp

Filesize
2.0MB

Download
memory/1060-8444-0x00007FFB692B0000-0x00007FFB694A5000-memory.dmp

Filesize
2.0MB

Download
memory/1060-8443-0x00007FFB29330000-0x00007FFB29340000-memory.dmp

Filesize
64KB

Download
memory/1060-8446-0x00007FFB692B0000-0x00007FFB694A5000-memory.dmp

Filesize
2.0MB

Download
memory/1060-8445-0x00007FFB29330000-0x00007FFB29340000-memory.dmp

Filesize
64KB

Download
memory/1060-8436-0x00007FFB29330000-0x00007FFB29340000-memory.dmp

Filesize
64KB

Download
memory/1060-8456-0x00007FFB692B0000-0x00007FFB694A5000-memory.dmp

Filesize
2.0MB

Download
memory/1060-8447-0x00007FFB692B0000-0x00007FFB694A5000-memory.dmp

Filesize
2.0MB

Download
memory/1060-8449-0x00007FFB692B0000-0x00007FFB694A5000-memory.dmp

Filesize
2.0MB

Download
memory/1060-8451-0x00007FFB692B0000-0x00007FFB694A5000-memory.dmp

Filesize
2.0MB

Download
memory/1060-8450-0x00007FFB692B0000-0x00007FFB694A5000-memory.dmp

Filesize
2.0MB

Download
memory/1060-8453-0x00007FFB692B0000-0x00007FFB694A5000-memory.dmp

Filesize
2.0MB

Download
memory/1060-8454-0x00007FFB692B0000-0x00007FFB694A5000-memory.dmp

Filesize
2.0MB

Download
memory/3084-4906-0x0000000002B10000-0x0000000002B20000-memory.dmp

Filesize
64KB

Download
memory/3084-4905-0x0000000002B10000-0x0000000002B20000-memory.dmp

Filesize
64KB

Download
memory/3084-4904-0x0000000002B10000-0x0000000002B20000-memory.dmp

Filesize
64KB

Download
memory/3892-8488-0x00000243836F0000-0x00000243836F1000-memory.dmp

Filesize
4KB

Download
memory/3892-8490-0x00000243836F0000-0x00000243836F1000-memory.dmp

Filesize
4KB

Download
memory/3892-8489-0x00000243836F0000-0x00000243836F1000-memory.dmp

Filesize
4KB

Download
memory/3892-8487-0x00000243836F0000-0x00000243836F1000-memory.dmp

Filesize
4KB

Download
memory/3892-8491-0x00000243836F0000-0x00000243836F1000-memory.dmp

Filesize
4KB

Download
memory/3892-8483-0x00000243836F0000-0x00000243836F1000-memory.dmp

Filesize
4KB

Download
memory/3892-8482-0x00000243836F0000-0x00000243836F1000-memory.dmp

Filesize
4KB

Download
memory/3892-8481-0x00000243836F0000-0x00000243836F1000-memory.dmp

Filesize
4KB

Download
memory/3892-8493-0x00000243836F0000-0x00000243836F1000-memory.dmp

Filesize
4KB

Download
memory/3892-8492-0x00000243836F0000-0x00000243836F1000-memory.dmp

Filesize
4KB

Download
memory/5244-8448-0x000000007FE20000-0x000000007FE21000-memory.dmp

Filesize
4KB

Download
memory/5244-8480-0x000000007FE20000-0x000000007FE21000-memory.dmp

Filesize
4KB

Download
memory/6032-4017-0x00007FFB26B60000-0x00007FFB26B70000-memory.dmp

Filesize
64KB

Download
memory/6032-4018-0x00007FFB692B0000-0x00007FFB694A5000-memory.dmp

Filesize
2.0MB

Download
memory/6032-4066-0x00007FFB692B0000-0x00007FFB694A5000-memory.dmp

Filesize
2.0MB

Download
memory/6032-4019-0x00007FFB692B0000-0x00007FFB694A5000-memory.dmp

Filesize
2.0MB

Download
memory/6032-4020-0x00007FFB692B0000-0x00007FFB694A5000-memory.dmp

Filesize
2.0MB

Download
memory/6032-4022-0x00007FFB26B60000-0x00007FFB26B70000-memory.dmp

Filesize
64KB

Download
memory/6032-4016-0x00007FFB692B0000-0x00007FFB694A5000-memory.dmp

Filesize
2.0MB

Download
memory/6032-4015-0x00007FFB692B0000-0x00007FFB694A5000-memory.dmp

Filesize
2.0MB

Download
memory/6032-4014-0x00007FFB29330000-0x00007FFB29340000-memory.dmp

Filesize
64KB

Download
memory/6032-4013-0x00007FFB692B0000-0x00007FFB694A5000-memory.dmp

Filesize
2.0MB

Download
memory/6032-4010-0x00007FFB29330000-0x00007FFB29340000-memory.dmp

Filesize
64KB

Download
memory/6032-4012-0x00007FFB29330000-0x00007FFB29340000-memory.dmp

Filesize
64KB

Download
memory/6032-4011-0x00007FFB692B0000-0x00007FFB694A5000-memory.dmp

Filesize
2.0MB

Download
memory/6032-3979-0x00007FFB29330000-0x00007FFB29340000-memory.dmp

Filesize
64KB

Download
memory/6032-3981-0x00007FFB692B0000-0x00007FFB694A5000-memory.dmp

Filesize
2.0MB

Download
memory/6032-4023-0x00007FFB692B0000-0x00007FFB694A5000-memory.dmp

Filesize
2.0MB

Download
memory/6032-3980-0x00007FFB29330000-0x00007FFB29340000-memory.dmp

Filesize
64KB

Download
memory/6032-4021-0x00007FFB692B0000-0x00007FFB694A5000-memory.dmp

Filesize
2.0MB

Download
memory/6032-4024-0x00007FFB692B0000-0x00007FFB694A5000-memory.dmp

Filesize
2.0MB

Download
memory/6032-4025-0x00007FFB692B0000-0x00007FFB694A5000-memory.dmp

Filesize
2.0MB

Download
memory/6032-4026-0x00007FFB692B0000-0x00007FFB694A5000-memory.dmp

Filesize
2.0MB

Download
memory/6032-4027-0x00007FFB692B0000-0x00007FFB694A5000-memory.dmp

Filesize
2.0MB

Download
memory/6032-4028-0x00007FFB692B0000-0x00007FFB694A5000-memory.dmp

Filesize
2.0MB

Download
memory/6032-4029-0x00007FFB692B0000-0x00007FFB694A5000-memory.dmp

Filesize
2.0MB

Download
memory/6032-4030-0x00007FFB692B0000-0x00007FFB694A5000-memory.dmp

Filesize
2.0MB

Download
memory/6032-4064-0x00007FFB29330000-0x00007FFB29340000-memory.dmp

Filesize
64KB

Download
memory/6032-4065-0x00007FFB29330000-0x00007FFB29340000-memory.dmp

Filesize
64KB

Download
memory/6032-4063-0x00007FFB29330000-0x00007FFB29340000-memory.dmp

Filesize
64KB

Download
memory/6032-4062-0x00007FFB29330000-0x00007FFB29340000-memory.dmp

Filesize
64KB

Download