Analysis Overview
Threat Level: Shows suspicious behavior
The file https://gofile.io/d/BZ1Ftt was found to be: Shows suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Drops file in System32 directory
Drops file in Windows directory
Detects Pyinstaller
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Modifies registry class
NTFS ADS
Opens file in notepad (likely ransom note)
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-10 14:44
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-10 14:44
Reported
2024-05-10 14:48
Platform
win10v2004-20240426-en
Max time kernel
53s
Max time network
55s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\lock2go\lock2goV1.3.EXE | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Cheat.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Cheat.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Cheat.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Cheat.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Cheat.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Cheat.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Cheat.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\Downloads\lock2go\lock2goV1.3.EXE | N/A |
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133598260821605397" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gofile.io/d/BZ1Ftt
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff1e89ab58,0x7fff1e89ab68,0x7fff1e89ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1884,i,16279389329520155381,18108387751495857804,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1884,i,16279389329520155381,18108387751495857804,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2188 --field-trial-handle=1884,i,16279389329520155381,18108387751495857804,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1884,i,16279389329520155381,18108387751495857804,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=1884,i,16279389329520155381,18108387751495857804,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4340 --field-trial-handle=1884,i,16279389329520155381,18108387751495857804,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3256 --field-trial-handle=1884,i,16279389329520155381,18108387751495857804,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4640 --field-trial-handle=1884,i,16279389329520155381,18108387751495857804,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 --field-trial-handle=1884,i,16279389329520155381,18108387751495857804,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4648 --field-trial-handle=1884,i,16279389329520155381,18108387751495857804,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 --field-trial-handle=1884,i,16279389329520155381,18108387751495857804,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\lock2go\" -spe -an -ai#7zMap30104:76:7zEvent32186
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\lock2go\instructions.txt
C:\Users\Admin\Downloads\lock2go\lock2goV1.3.EXE
"C:\Users\Admin\Downloads\lock2go\lock2goV1.3.EXE"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Cheat.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Cheat.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Cheat.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Cheat.exe
Network
Files
Analysis: behavioral2
Detonation Overview
| Submitted | 2024-05-10 14:44 |
| Reported | 2024-05-10 14:52 |
| Platform | win11-20240419-en |
| Max time kernel | 209s |
| Max time network | 203s |
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\lock2go\lock2go\lock2goV1.3.EXE | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Cheat.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Cheat.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Cheat.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\Downloads\lock2go\lock2go\lock2goV1.3.EXE | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133598261589427246" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\lock2go.rar:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gofile.io/d/BZ1Ftt
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff95eb8cc40,0x7ff95eb8cc4c,0x7ff95eb8cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1800,i,9883612307460123796,7556393979466630088,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1796 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2084,i,9883612307460123796,7556393979466630088,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2140 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2176,i,9883612307460123796,7556393979466630088,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2336 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3056,i,9883612307460123796,7556393979466630088,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3108 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3064,i,9883612307460123796,7556393979466630088,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3132 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4104,i,9883612307460123796,7556393979466630088,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2924 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3356,i,9883612307460123796,7556393979466630088,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3332 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4688,i,9883612307460123796,7556393979466630088,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4736 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4964,i,9883612307460123796,7556393979466630088,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4312 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3304,i,9883612307460123796,7556393979466630088,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3296 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5196,i,9883612307460123796,7556393979466630088,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3292 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\lock2go\lock2go\" -spe -an -ai#7zMap2899:92:7zEvent4850
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Users\Admin\Downloads\lock2go\lock2go\lock2goV1.3.EXE
"C:\Users\Admin\Downloads\lock2go\lock2go\lock2goV1.3.EXE"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Cheat.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Cheat.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Cheat.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Cheat.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | gofile.io | udp |
| FR | 151.80.29.83:443 | api.gofile.io | tcp |
| US | 8.8.8.8:53 | 83.29.80.151.in-addr.arpa | udp |
| FR | 51.38.43.18:443 | api.gofile.io | tcp |
| FR | 51.75.242.210:443 | s.gofile.io | tcp |
| FR | 51.75.242.210:443 | s.gofile.io | tcp |
| GB | 216.58.201.106:443 | content-autofill.googleapis.com | tcp |
| DE | 78.46.174.169:443 | ad.a-ads.com | tcp |
| US | 8.8.8.8:53 | 18.43.38.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.242.75.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.201.58.216.in-addr.arpa | udp |
| DE | 78.46.33.196:443 | static.a-ads.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| FR | 31.14.70.248:443 | cold1.gofile.io | tcp |
| FR | 31.14.70.248:443 | cold1.gofile.io | tcp |
Files
| SHA512 | acdad4df988df6b2290fc9622e8eaccc31787fecdc98dcca38519cb762339d4d3fb344ae504b8c7918d6f414f4ad05d15e828df7f7f68f363bec54b11c9b7c43 |
C:\Users\Admin\AppData\Local\Temp\_MEI31162\tk\ttk\scale.tcl
| MD5 | f1c33cc2d47115bbecd2e7c2fcb631a7 |
| SHA1 | 0123a961242ed8049b37c77c726db8dbd94c1023 |
| SHA256 | b909add0b87fa8ee08fd731041907212a8a0939d37d2ff9b2f600cd67dabd4bb |
| SHA512 | 96587a8c3555da1d810010c10c516ce5ccab071557a3c8d9bd65c647c7d4ad0e35cbed0788f1d72bafac8c84c7e2703fc747f70d9c95f720745a1fc4a701c544 |
C:\Users\Admin\AppData\Local\Temp\_MEI31162\tk\ttk\scrollbar.tcl
| MD5 | 3fb31a225cec64b720b8e579582f2749 |
| SHA1 | 9c0151d9e2543c217cf8699ff5d4299a72e8f13c |
| SHA256 | 6eaa336b13815a7fc18bcd6b9adf722e794da2888d053c229044784c8c8e9de8 |
| SHA512 | e6865655585e3d2d6839b56811f3fd86b454e8cd44e258bb1ac576ad245ff8a4d49fbb7f43458ba8a6c9daac8dfa923a176f0dd8a9976a11bea09e6e2d17bf45 |
C:\Users\Admin\AppData\Local\Temp\_MEI31162\tk\ttk\menubutton.tcl
| MD5 | 4c8d90257d073f263b258f00b2a518c2 |
| SHA1 | 7b58859e9b70fb37f53809cd3ffd7cf69ab310d8 |
| SHA256 | 972b13854d0e9b84de338d6753f0f11f3a8534e7d0e51838796dae5a1e2e3085 |
| SHA512 | ed67f41578ee834ee8db1fded8aa069c0045e7058e338c451fa8e1ade52907bed0c95631c21b8e88461571903b3da2698a29e47f990b7a0f0dd3073e7a1bcadc |
C:\Users\Admin\AppData\Local\Temp\_MEI31162\tk\ttk\button.tcl
| MD5 | d4bf1af5dcdd85e3bd11dbf52eb2c146 |
| SHA1 | b1691578041319e671d31473a1dd404855d2038b |
| SHA256 | e38a9d1f437981aa6bf0bdd074d57b769a4140c0f7d9aff51743fe4ecc6dfddf |
| SHA512 | 25834b4b231f4ff1a88eef67e1a102d1d0546ec3b0d46856258a6be6bbc4b381389c28e2eb60a01ff895df24d6450cd16ca449c71f82ba53ba438a4867a47dcd |
C:\Users\Admin\AppData\Local\Temp\_MEI31162\tk\ttk\utils.tcl
| MD5 | d98edc491da631510f124cd3934f535f |
| SHA1 | 33037a966067c9f5c9074ae5532ff3b51b4082d4 |
| SHA256 | d58610a34301bb6e61a60bec69a7cecf4c45c6a034a9fc123977174b586278be |
| SHA512 | 23faed8298e561f490997fe44ab61cd8ccb9f1f63d48bb4cf51fc9e591e463ff9297973622180d6a599cabb541c82b8fe33bf38a82c5d5905bbfa52ca0341399 |
C:\Users\Admin\AppData\Local\Temp\_MEI31162\tk\ttk\cursors.tcl
| MD5 | 18ec3e60b8dd199697a41887be6ce8c2 |
| SHA1 | 13ff8ce95289b802a5247b1fd9dea90d2875cb5d |
| SHA256 | 7a2ed9d78fabcafff16694f2f4a2e36ff5aa313f912d6e93484f3bcd0466ad91 |
| SHA512 | 4848044442efe75bcf1f89d8450c8ecbd441f38a83949a3cd2a56d9000cacaa2ea440ca1b32c856ab79358ace9c7e3f70ddf0ec54aa93866223d8fef76930b19 |
C:\Users\Admin\AppData\Local\Temp\_MEI31162\tk\ttk\fonts.tcl
| MD5 | 80331fcbe4c049ff1a0d0b879cb208de |
| SHA1 | 4eb3efdfe3731bd1ae9fd52ce32b1359241f13cf |
| SHA256 | b94c319e5a557a5665b1676d602b6495c0887c5bacf7fa5b776200112978bb7b |
| SHA512 | a4bd2d91801c121a880225f1f3d0c4e30bf127190cf375f6f7a49eb4239a35c49c44f453d6d3610df0d6a7b3cb15f4e79bd9c129025cc496ceb856fcc4b6de87 |
C:\Users\Admin\AppData\Local\Temp\_MEI31162\tk\ttk\ttk.tcl
| MD5 | af45b2c8b43596d1bdeca5233126bd14 |
| SHA1 | a99e75d299c4579e10fcdd59389b98c662281a26 |
| SHA256 | 2c48343b1a47f472d1a6b9ee8d670ce7fb428db0db7244dc323ff4c7a8b4f64b |
| SHA512 | c8a8d01c61774321778ab149f6ca8dda68db69133cb5ba7c91938e4fd564160ecdcec473222affb241304a9acc73a36b134b3a602fd3587c711f2adbb64afa80 |
C:\Users\Admin\AppData\Local\Temp\_MEI31162\tk\text.tcl
| MD5 | 7c2ac370de0b941ae13572152419c642 |
| SHA1 | 7598cc20952fa590e32da063bf5c0f46b0e89b15 |
| SHA256 | 4a42ad370e0cd93d4133b49788c0b0e1c7cd78383e88bacb51cb751e8bfda15e |
| SHA512 | 8325a33bfd99f0fce4f14ed5dc6e03302f6ffabce9d1abfefc24d16a09ab3439a4b753cbf06b28d8c95e4ddabfb9082c9b030619e8955a7e656bd6c61b9256c3 |
C:\Users\Admin\AppData\Local\Temp\_MEI31162\tk\spinbox.tcl
| MD5 | 77dfe1baccd165a0c7b35cdeaa2d1a8c |
| SHA1 | 426ba77fc568d4d3a6e928532e5beb95388f36a0 |
| SHA256 | 2ff791a44406dc8339c7da6116e6ec92289bee5fc1367d378f48094f4abea277 |
| SHA512 | e56db85296c8661ab2ea0a56d9810f1a4631a9f9b41337560cbe38ccdf7dd590a3e65c22b435ce315eff55ee5b8e49317d4e1b7577e25fc3619558015dd758eb |
C:\Users\Admin\AppData\Local\Temp\_MEI31162\tk\scrlbar.tcl
| MD5 | 5249cd1e97e48e3d6dec15e70b9d7792 |
| SHA1 | 612e021ba25b5e512a0dfd48b6e77fc72894a6b9 |
| SHA256 | eec90404f702d3cfbfaec0f13bf5ed1ebeb736bee12d7e69770181a25401c61f |
| SHA512 | e4e0ab15eb9b3118c30cd2ff8e5af87c549eaa9b640ffd809a928d96b4addefb9d25efdd1090fbd0019129cdf355bb2f277bc7194001ba1d2ed4a581110ceafc |
C:\Users\Admin\AppData\Local\Temp\_MEI31162\tk\scale.tcl
| MD5 | 857add6060a986063b0ed594f6b0cd26 |
| SHA1 | b1981d33ddea81cfffa838e5ac80e592d9062e43 |
| SHA256 | 0da2dc955ffd71062a21c3b747d9d59d66a5b09a907b9ed220be1b2342205a05 |
| SHA512 | 7d9829565efc8cdbf9249913da95b02d8dadfdb3f455fd3c10c5952b5454fe6e54d95c07c94c1e0d7568c9742caa56182b3656e234452aec555f0fcb76a59fb1 |
C:\Users\Admin\AppData\Local\Temp\_MEI31162\tk\panedwindow.tcl
| MD5 | 286c01a1b12261bc47f5659fd1627abd |
| SHA1 | 4ca36795cab6dfe0bbba30bb88a2ab71a0896642 |
| SHA256 | aa4f87e41ac8297f51150f2a9f787607690d01793456b93f0939c54d394731f9 |
| SHA512 | d54d5a89b7408a9724a1ca1387f6473bdad33885194b2ec5a524c7853a297fd65ce2a57f571c51db718f6a00dce845de8cf5f51698f926e54ed72cdc81bcfe54 |
C:\Users\Admin\AppData\Local\Temp\_MEI31162\tk\menu.tcl
| MD5 | 078782cd05209012a84817ac6ef11450 |
| SHA1 | dba04f7a6cf34c54a961f25e024b6a772c2b751d |
| SHA256 | d1283f67e435aab0bdbe9fdaa540a162043f8d652c02fe79f3843a451f123d89 |
| SHA512 | 79a031f7732aee6e284cd41991049f1bb715233e011562061cd3405e5988197f6a7fb5c2bbddd1fb9b7024047f6003a2bf161fc0ec04876eff5335c3710d9562 |
C:\Users\Admin\AppData\Local\Temp\_MEI31162\tk\listbox.tcl
| MD5 | 804e6dce549b2e541986c0ce9e75e2d1 |
| SHA1 | c44ee09421f127cf7f4070a9508f22709d06d043 |
| SHA256 | 47c75f9f8348bf8f2c086c57b97b73741218100ca38d10b8abdf2051c95b9801 |
| SHA512 | 029426c4f659848772e6bb1d8182eb03d2b43adf68fcfcc1ea1c2cc7c883685deda3fffda7e071912b9bda616ad7af2e1cb48ce359700c1a22e1e53e81cae34b |
C:\Users\Admin\AppData\Local\Temp\_MEI31162\tk\entry.tcl
| MD5 | f109865c52d1fd602e2d53e559e56c22 |
| SHA1 | 5884a3bb701c27ba1bf35c6add7852e84d73d81f |
| SHA256 | af1de90270693273b52fc735da6b5cd5ca794f5afd4cf03ffd95147161098048 |
| SHA512 | b2f92b0ac03351cdb785d3f7ef107b61252398540b5f05f0cc9802b4d28b882ba6795601a68e88d3abc53f216b38f07fcc03660ab6404cf6685f6d80cc4357fc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9c12ec8b96f0f26abc1b06911db0af96 |
| SHA1 | 4b72a45189304a91770eb5ac0da75e5ac8e2e301 |
| SHA256 | 44b018ad449139bc60e266e49a2212a026bf4c146179e9cfe2f78fcb53e4f2f8 |
| SHA512 | 8a965054423e1052fd8f64e7b7c4212b19df5eeede17cb2e6a18c33ee15f39aba5644e36d4ba132d0049651fce099d3a55661c8cb3267d9d87e5699d03469608 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | cb2b77872cb5f98a737ab66453e55088 |
| SHA1 | 26b58f63a4b6c454781c8c1e423cb00c551e3d74 |
| SHA256 | c57a6ea9cca1c3fdc625b7584670a74e06f35da20d919c0b4ea0f97690eb2c3d |
| SHA512 | d66f9cfdfe62a81a2c319f121b7beb9a1f3ecf872baab8ffcf002590fc2268743021cfab4584b47a6337d7431c2f4f46899f5d344d824c140531ccfbc494750f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 414ac8d834c239d931c7893a70be5a99 |
| SHA1 | 0e989bd5f23dd1faf3f784ab3780dd3425c1989b |
| SHA256 | e77831e9d29036b36f5b8aa816e5a6a12faf508afd2747865f4c769247ea921d |
| SHA512 | db94738474c5f13deb0e25a003092d6df8778fd380960474033863231ec213ace7116db49cdac9d1aced1511bfcefe4c36b61cb4c71044f0ce8f92a22a43e479 |