blackmatter | hxxps://github[.]com/Tennessene/LockBit

Analysis

max time kernel
1816s
max time network
1817s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
23-10-2024 22:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Tennessene/LockBit

Score

10^/10

blackmatter lockbit defense_evasion discovery ransomware spyware stealer

Malware Config

Extracted

Family

blackmatter

Version

25.239

Extracted

Path

C:\t5j9Ned4i.README.txt

Family

lockbit

Ransom Note

~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~ >>>> Your data are stolen and encrypted The data will be published on TOR website if you do not pay the ransom Links for Tor Browser: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion Links for the normal browser http://lockbitapt.uz http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly >>>> What guarantees that we will not deceive you? We are not a politically motivated group and we do not need anything other than your money. If you pay, we will provide you the programs for decryption and we will delete your data. Life is too short to be sad. Be not sad, money, it is only paper. If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. Therefore to us our reputation is very important. We attack the companies worldwide and there is no dissatisfied victim after payment. You can obtain information about us on twitter https://twitter.com/hashtag/lockbit?f=live >>>> You need contact us and decrypt one file for free on these TOR sites with your personal DECRYPTION ID Download and install TOR Browser https://www.torproject.org/ Write to a chat and wait for the answer, we will always answer you. Sometimes you will need to wait for our answer because we attack many companies. Links for Tor Browser: http://lockbitsupt7nr3fa6e7xyb73lk6bw6rcneqhoyblniiabj4uwvzapqd.onion http://lockbitsupuhswh4izvoucoxsbnotkmgq6durg7kficg6u33zfvq3oyd.onion http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion Link for the normal browser http://lockbitsupp.uz If you do not get an answer in the chat room for a long time, the site does not work and in any other emergency, you can contact us in jabber or tox. Tox ID LockBitSupp: 3085B89A0C515D2FB124D645906F5D3DA5CB97CEBEA975959AE4F95302A04E1D709C3C4AE9B7 XMPP (Jabber) Support: [email protected] [email protected] >>>> Your personal DECRYPTION ID: B7568014A48684D6D525F3F3722638C4 >>>> Warning! Do not DELETE or MODIFY any files, it can lead to recovery problems! >>>> Warning! If you do not pay the ransom we will attack your company repeatedly again! >>>> Advertisement Would you like to earn millions of dollars $$$ ? Our company acquire access to networks of various companies, as well as insider information that can help you steal the most valuable data of any company. You can provide us accounting data for the access to any company, for example, login and password to RDP, VPN, corporate email, etc. Open our letter at your email. Launch the provided virus on any computer in your company. You can do it both using your work computer or the computer of any other employee in order to divert suspicion of being in collusion with us. Companies pay us the foreclosure for the decryption of files and prevention of data leak. You can contact us using Tox messenger without registration and SMS https://tox.chat/download.html. Using Tox messenger, we will never know your real name, it means your privacy is guaranteed. If you want to contact us, write in jabber or tox. Tox ID LockBitSupp: 3085B89A0C515D2FB124D645906F5D3DA5CB97CEBEA975959AE4F95302A04E1D709C3C4AE9B7 XMPP (Jabber) Support: [email protected] [email protected] If this contact is expired, and we do not respond you, look for the relevant contact data on our website via Tor or Brave browser Links for Tor Browser: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion Links for the normal browser http://lockbitapt.uz http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly

Emails

[email protected]

URLs

http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion

http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion

http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion

http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion

http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion

http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion

http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion

http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion

http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion

http://lockbitapt.uz

http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly

http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly

http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly

http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly

http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly

http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly

http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly

http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly

http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly

https://twitter.com/hashtag/lockbit?f=live

Signatures

BlackMatter Ransomware
BlackMatter ransomware group claims to be Darkside and REvil succesor.
ransomware blackmatter
Lockbit
Ransomware family with multiple variants released since late 2019.
ransomware lockbit

Rule to detect Lockbit 3.0 ransomware Windows payload 2 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\Downloads\LockBit-main\builder.exe	family_lockbit
C:\Users\Admin\Downloads\LockBit-main\Build\LB3.exe	family_lockbit

Renames multiple (519) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 12 IoCs

Processes:

keygen.exebuilder.exebuilder.exekeygen.exebuilder.exebuilder.exebuilder.exebuilder.exebuilder.exebuilder.exeLB3.exeEAF8.tmp

pid	process
5108	keygen.exe
1280	builder.exe
860	builder.exe
924	keygen.exe
832	builder.exe
592	builder.exe
1592	builder.exe
4904	builder.exe
808	builder.exe
1884	builder.exe
308	LB3.exe
6764	EAF8.tmp

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Drops desktop.ini file(s) 2 IoCs

Processes:

LB3.exe

description	ioc	process
File opened for modification	C:\$Recycle.Bin\S-1-5-21-4106386276-4127174233-3637007343-1000\desktop.ini	LB3.exe
File opened for modification	F:\$RECYCLE.BIN\S-1-5-21-4106386276-4127174233-3637007343-1000\desktop.ini	LB3.exe

Indicator Removal: File Deletion 1 TTPs
Adversaries may delete files left behind by the actions of their intrusion activity.
defense_evasion

File Deletion
T1070.004

Drops file in System32 directory 4 IoCs

Processes:

printfilterpipelinesvc.exesplwow64.exe

description	ioc	process
File created	C:\Windows\system32\spool\PRINTERS\PPvgweksm2rypsongch7fwh8ai.TMP	printfilterpipelinesvc.exe
File created	C:\Windows\system32\spool\PRINTERS\PPlpnwommce92s9r7tzrsm3bqmc.TMP	printfilterpipelinesvc.exe
File created	C:\Windows\system32\spool\PRINTERS\00002.SPL	splwow64.exe
File created	C:\Windows\system32\spool\PRINTERS\PP877hjv3bnhsou6w7v23dijsbe.TMP	printfilterpipelinesvc.exe

Sets desktop wallpaper using registry 2 TTPs 2 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

LB3.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\Desktop\WallPaper = "C:\\ProgramData\\t5j9Ned4i.bmp"	LB3.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\Desktop\Wallpaper = "C:\\ProgramData\\t5j9Ned4i.bmp"	LB3.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

EAF8.tmp

pid process

6764 EAF8.tmp
Drops file in Windows directory 1 IoCs

Processes:

svchost.exe

description ioc process

File opened for modification C:\Windows\Debug\ESE.TXT svchost.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
6764	EAF8.tmp

description	ioc	process
File opened for modification	C:\Windows\Debug\ESE.TXT	svchost.exe

System Location Discovery: System Language Discovery 1 TTPs 11 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

builder.exeEAF8.tmpbuilder.exebuilder.exebuilder.exebuilder.exebuilder.exeLB3.execmd.exekeygen.exebuilder.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	EAF8.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LB3.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	keygen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe

Checks processor information in registry 2 TTPs 16 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exefirefox.exeONENOTE.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	ONENOTE.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	ONENOTE.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	ONENOTE.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exeONENOTE.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	ONENOTE.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	ONENOTE.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	ONENOTE.EXE

Modifies Control Panel 2 IoCs

evasion

Processes:

LB3.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\Desktop	LB3.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\Desktop\WallpaperStyle = "10"	LB3.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133741973570213720"	chrome.exe

Modifies registry class 8 IoCs

Processes:

firefox.exechrome.exeLB3.exeOpenWith.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.t5j9Ned4i	LB3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.t5j9Ned4i\ = "t5j9Ned4i"	LB3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\t5j9Ned4i\DefaultIcon	LB3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\t5j9Ned4i	LB3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\t5j9Ned4i\DefaultIcon\ = "C:\\ProgramData\\t5j9Ned4i.ico"	LB3.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings	OpenWith.exe

Opens file in notepad (likely ransom note) 1 IoCs
ransomware

Processes:

NOTEPAD.EXE

pid process

3916 NOTEPAD.EXE
Suspicious behavior: AddClipboardFormatListener 2 IoCs

Processes:

ONENOTE.EXE

pid process

6740 ONENOTE.EXE
6740 ONENOTE.EXE

pid	process
3916	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 42 IoCs

Processes:

chrome.exeLB3.exeONENOTE.EXE

pid	process
420	chrome.exe
420	chrome.exe
308	LB3.exe
308	LB3.exe
308	LB3.exe
308	LB3.exe
308	LB3.exe
308	LB3.exe
308	LB3.exe
308	LB3.exe
308	LB3.exe
308	LB3.exe
308	LB3.exe
308	LB3.exe
308	LB3.exe
308	LB3.exe
308	LB3.exe
308	LB3.exe
308	LB3.exe
308	LB3.exe
308	LB3.exe
308	LB3.exe
308	LB3.exe
308	LB3.exe
308	LB3.exe
308	LB3.exe
308	LB3.exe
308	LB3.exe
308	LB3.exe
308	LB3.exe
308	LB3.exe
308	LB3.exe
308	LB3.exe
308	LB3.exe
308	LB3.exe
308	LB3.exe
308	LB3.exe
308	LB3.exe
308	LB3.exe
308	LB3.exe
6740	ONENOTE.EXE
6740	ONENOTE.EXE

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

420 chrome.exe
420 chrome.exe
420 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe7zG.exe

description	pid	process
Token: SeShutdownPrivilege	420	chrome.exe
Token: SeCreatePagefilePrivilege	420	chrome.exe
Token: SeShutdownPrivilege	420	chrome.exe
Token: SeCreatePagefilePrivilege	420	chrome.exe
Token: SeShutdownPrivilege	420	chrome.exe
Token: SeCreatePagefilePrivilege	420	chrome.exe
Token: SeShutdownPrivilege	420	chrome.exe
Token: SeCreatePagefilePrivilege	420	chrome.exe
Token: SeShutdownPrivilege	420	chrome.exe
Token: SeCreatePagefilePrivilege	420	chrome.exe
Token: SeShutdownPrivilege	420	chrome.exe
Token: SeCreatePagefilePrivilege	420	chrome.exe
Token: SeShutdownPrivilege	420	chrome.exe
Token: SeCreatePagefilePrivilege	420	chrome.exe
Token: SeShutdownPrivilege	420	chrome.exe
Token: SeCreatePagefilePrivilege	420	chrome.exe
Token: SeShutdownPrivilege	420	chrome.exe
Token: SeCreatePagefilePrivilege	420	chrome.exe
Token: SeShutdownPrivilege	420	chrome.exe
Token: SeCreatePagefilePrivilege	420	chrome.exe
Token: SeShutdownPrivilege	420	chrome.exe
Token: SeCreatePagefilePrivilege	420	chrome.exe
Token: SeShutdownPrivilege	420	chrome.exe
Token: SeCreatePagefilePrivilege	420	chrome.exe
Token: SeShutdownPrivilege	420	chrome.exe
Token: SeCreatePagefilePrivilege	420	chrome.exe
Token: SeRestorePrivilege	2604	7zG.exe
Token: 35	2604	7zG.exe
Token: SeSecurityPrivilege	2604	7zG.exe
Token: SeSecurityPrivilege	2604	7zG.exe
Token: SeShutdownPrivilege	420	chrome.exe
Token: SeCreatePagefilePrivilege	420	chrome.exe
Token: SeShutdownPrivilege	420	chrome.exe
Token: SeCreatePagefilePrivilege	420	chrome.exe
Token: SeShutdownPrivilege	420	chrome.exe
Token: SeCreatePagefilePrivilege	420	chrome.exe
Token: SeShutdownPrivilege	420	chrome.exe
Token: SeCreatePagefilePrivilege	420	chrome.exe
Token: SeShutdownPrivilege	420	chrome.exe
Token: SeCreatePagefilePrivilege	420	chrome.exe
Token: SeShutdownPrivilege	420	chrome.exe
Token: SeCreatePagefilePrivilege	420	chrome.exe
Token: SeShutdownPrivilege	420	chrome.exe
Token: SeCreatePagefilePrivilege	420	chrome.exe
Token: SeShutdownPrivilege	420	chrome.exe
Token: SeCreatePagefilePrivilege	420	chrome.exe
Token: SeShutdownPrivilege	420	chrome.exe
Token: SeCreatePagefilePrivilege	420	chrome.exe
Token: SeShutdownPrivilege	420	chrome.exe
Token: SeCreatePagefilePrivilege	420	chrome.exe
Token: SeShutdownPrivilege	420	chrome.exe
Token: SeCreatePagefilePrivilege	420	chrome.exe
Token: SeShutdownPrivilege	420	chrome.exe
Token: SeCreatePagefilePrivilege	420	chrome.exe
Token: SeShutdownPrivilege	420	chrome.exe
Token: SeCreatePagefilePrivilege	420	chrome.exe
Token: SeShutdownPrivilege	420	chrome.exe
Token: SeCreatePagefilePrivilege	420	chrome.exe
Token: SeShutdownPrivilege	420	chrome.exe
Token: SeCreatePagefilePrivilege	420	chrome.exe
Token: SeShutdownPrivilege	420	chrome.exe
Token: SeCreatePagefilePrivilege	420	chrome.exe
Token: SeShutdownPrivilege	420	chrome.exe
Token: SeCreatePagefilePrivilege	420	chrome.exe

Suspicious use of FindShellTrayWindow 58 IoCs

Processes:

chrome.exe7zG.exefirefox.exefirefox.exe

pid	process
420	chrome.exe
420	chrome.exe
420	chrome.exe
420	chrome.exe
420	chrome.exe
420	chrome.exe
420	chrome.exe
420	chrome.exe
420	chrome.exe
420	chrome.exe
420	chrome.exe
420	chrome.exe
420	chrome.exe
420	chrome.exe
420	chrome.exe
420	chrome.exe
420	chrome.exe
420	chrome.exe
420	chrome.exe
420	chrome.exe
420	chrome.exe
420	chrome.exe
420	chrome.exe
420	chrome.exe
420	chrome.exe
420	chrome.exe
420	chrome.exe
420	chrome.exe
420	chrome.exe
420	chrome.exe
420	chrome.exe
420	chrome.exe
420	chrome.exe
2604	7zG.exe
2372	firefox.exe
2372	firefox.exe
2372	firefox.exe
2372	firefox.exe
2372	firefox.exe
2372	firefox.exe
2372	firefox.exe
428	firefox.exe
428	firefox.exe
428	firefox.exe
428	firefox.exe
428	firefox.exe
428	firefox.exe
428	firefox.exe
428	firefox.exe
428	firefox.exe
428	firefox.exe
428	firefox.exe
428	firefox.exe
428	firefox.exe
428	firefox.exe
428	firefox.exe
428	firefox.exe
428	firefox.exe

Suspicious use of SendNotifyMessage 45 IoCs

Processes:

chrome.exefirefox.exefirefox.exe

pid	process
420	chrome.exe
420	chrome.exe
420	chrome.exe
420	chrome.exe
420	chrome.exe
420	chrome.exe
420	chrome.exe
420	chrome.exe
420	chrome.exe
420	chrome.exe
420	chrome.exe
420	chrome.exe
420	chrome.exe
420	chrome.exe
420	chrome.exe
420	chrome.exe
420	chrome.exe
420	chrome.exe
420	chrome.exe
420	chrome.exe
420	chrome.exe
420	chrome.exe
420	chrome.exe
420	chrome.exe
2372	firefox.exe
2372	firefox.exe
2372	firefox.exe
2372	firefox.exe
2372	firefox.exe
428	firefox.exe
428	firefox.exe
428	firefox.exe
428	firefox.exe
428	firefox.exe
428	firefox.exe
428	firefox.exe
428	firefox.exe
428	firefox.exe
428	firefox.exe
428	firefox.exe
428	firefox.exe
428	firefox.exe
428	firefox.exe
428	firefox.exe
428	firefox.exe

Suspicious use of SetWindowsHookEx 17 IoCs

Processes:

ONENOTE.EXEOpenWith.exefirefox.exefirefox.exe

pid	process
6740	ONENOTE.EXE
6740	ONENOTE.EXE
6740	ONENOTE.EXE
6740	ONENOTE.EXE
6740	ONENOTE.EXE
6740	ONENOTE.EXE
6740	ONENOTE.EXE
6740	ONENOTE.EXE
6740	ONENOTE.EXE
6740	ONENOTE.EXE
6740	ONENOTE.EXE
6740	ONENOTE.EXE
6740	ONENOTE.EXE
6740	ONENOTE.EXE
1172	OpenWith.exe
2372	firefox.exe
428	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 420 wrote to memory of 700	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 700	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1408	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1408	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1408	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1408	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1408	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1408	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1408	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1408	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1408	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1408	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1408	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1408	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1408	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1408	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1408	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1408	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1408	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1408	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1408	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1408	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1408	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1408	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1408	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1408	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1408	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1408	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1408	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1408	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1408	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1408	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1408	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1408	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1408	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1408	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1408	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1408	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1408	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 1408	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 4048	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 4048	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 4152	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 4152	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 4152	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 4152	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 4152	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 4152	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 4152	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 4152	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 4152	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 4152	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 4152	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 4152	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 4152	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 4152	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 4152	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 4152	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 4152	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 4152	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 4152	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 4152	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 4152	420	chrome.exe	chrome.exe
PID 420 wrote to memory of 4152	420	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Tennessene/LockBit
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffacf5d9758,0x7ffacf5d9768,0x7ffacf5d9778
  2⤵
  PID:700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1772,i,16414073640059993998,14339675909825382870,131072 /prefetch:2
  2⤵
  PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1844 --field-trial-handle=1772,i,16414073640059993998,14339675909825382870,131072 /prefetch:8
  2⤵
  PID:4048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2088 --field-trial-handle=1772,i,16414073640059993998,14339675909825382870,131072 /prefetch:8
  2⤵
  PID:4152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2876 --field-trial-handle=1772,i,16414073640059993998,14339675909825382870,131072 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2896 --field-trial-handle=1772,i,16414073640059993998,14339675909825382870,131072 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 --field-trial-handle=1772,i,16414073640059993998,14339675909825382870,131072 /prefetch:8
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4328 --field-trial-handle=1772,i,16414073640059993998,14339675909825382870,131072 /prefetch:8
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=1772,i,16414073640059993998,14339675909825382870,131072 /prefetch:8
  2⤵
  PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4928 --field-trial-handle=1772,i,16414073640059993998,14339675909825382870,131072 /prefetch:1
  2⤵
  PID:4620

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4832

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4616

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\LockBit-main\" -spe -an -ai#7zMap24685:86:7zEvent3625
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2604

C:\Users\Admin\Downloads\LockBit-main\keygen.exe
"C:\Users\Admin\Downloads\LockBit-main\keygen.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5108

C:\Users\Admin\Downloads\LockBit-main\builder.exe
"C:\Users\Admin\Downloads\LockBit-main\builder.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1280

C:\Users\Admin\Downloads\LockBit-main\builder.exe
"C:\Users\Admin\Downloads\LockBit-main\builder.exe"
1⤵
- Executes dropped EXE
PID:860

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\LockBit-main\Build.bat" "
1⤵
PID:3440
- C:\Users\Admin\Downloads\LockBit-main\keygen.exe
  keygen -path Build -pubkey pub.key -privkey priv.key
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Users\Admin\Downloads\LockBit-main\builder.exe
  builder -type dec -privkey Build\priv.key -config config.json -ofile Build\LB3Decryptor.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:832
- C:\Users\Admin\Downloads\LockBit-main\builder.exe
  builder -type enc -exe -pubkey Build\pub.key -config config.json -ofile Build\LB3.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:592
- C:\Users\Admin\Downloads\LockBit-main\builder.exe
  builder -type enc -exe -pass -pubkey Build\pub.key -config config.json -ofile Build\LB3_pass.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1592
- C:\Users\Admin\Downloads\LockBit-main\builder.exe
  builder -type enc -dll -pubkey Build\pub.key -config config.json -ofile Build\LB3_Rundll32.dll
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4904
- C:\Users\Admin\Downloads\LockBit-main\builder.exe
  builder -type enc -dll -pass -pubkey Build\pub.key -config config.json -ofile Build\LB3_Rundll32_pass.dll
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:808
- C:\Users\Admin\Downloads\LockBit-main\builder.exe
  builder -type enc -ref -pubkey Build\pub.key -config config.json -ofile Build\LB3_ReflectiveDll_DllMain.dll
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1884

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\LockBit-main\Build\DECRYPTION_ID.txt
1⤵
PID:2540

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\LockBit-main\Build\Password_dll.txt
1⤵
PID:3920

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\LockBit-main\Build\Password_exe.txt
1⤵
PID:1060

C:\Users\Admin\Downloads\LockBit-main\Build\LB3.exe
"C:\Users\Admin\Downloads\LockBit-main\Build\LB3.exe"
1⤵
- Executes dropped EXE
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
- Modifies Control Panel
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:308
- C:\Windows\splwow64.exe
  C:\Windows\splwow64.exe 12288
  2⤵
  - Drops file in System32 directory
  PID:6600
- C:\ProgramData\EAF8.tmp
  "C:\ProgramData\EAF8.tmp"
  2⤵
  - Executes dropped EXE
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - System Location Discovery: System Language Discovery
  PID:6764
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\EAF8.tmp >> NUL
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6972

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k appmodel -s tiledatamodelsvc
1⤵
- Drops file in Windows directory
PID:6344

C:\Windows\system32\printfilterpipelinesvc.exe
C:\Windows\system32\printfilterpipelinesvc.exe -Embedding
1⤵
- Drops file in System32 directory
PID:6688
- C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
  /insertdoc "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\{EAAE89D8-2682-4A39-9A4B-2CA3449C7826}.xps" 133741974463120000
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:6740

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1172

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4876
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2372
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2372.0.2145003701\117789447" -parentBuildID 20221007134813 -prefsHandle 1748 -prefMapHandle 1804 -prefsLen 18084 -prefMapSize 231738 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d7b9553-14ff-4ced-99fc-9f9364286e03} 2372 "\\.\pipe\gecko-crash-server-pipe.2372" 1648 28752d63258 socket
    3⤵
    - Checks processor information in registry
    PID:376
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2372.1.827798866\434455942" -parentBuildID 20221007134813 -prefsHandle 2144 -prefMapHandle 1808 -prefsLen 18635 -prefMapSize 231738 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e006b567-a554-435e-a4fe-f4d4ff54e754} 2372 "\\.\pipe\gecko-crash-server-pipe.2372" 2164 28752d65958 gpu
    3⤵
    PID:4268
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2372.2.772671710\253254640" -childID 1 -isForBrowser -prefsHandle 2892 -prefMapHandle 2888 -prefsLen 19464 -prefMapSize 231738 -jsInitHandle 1164 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8dafd18c-469d-49c6-8090-0a8ad01a6d90} 2372 "\\.\pipe\gecko-crash-server-pipe.2372" 2940 2875679c758 tab
    3⤵
    PID:4092
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2372.3.1620678937\580134300" -childID 2 -isForBrowser -prefsHandle 3624 -prefMapHandle 3620 -prefsLen 19571 -prefMapSize 231738 -jsInitHandle 1164 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5385731f-de30-4506-8601-0844f9edfa30} 2372 "\\.\pipe\gecko-crash-server-pipe.2372" 3100 28747f2e458 tab
    3⤵
    PID:6208
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2372.4.1777094880\84258657" -parentBuildID 20221007134813 -prefsHandle 3912 -prefMapHandle 3916 -prefsLen 21588 -prefMapSize 231738 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3954663e-11ce-4471-99f6-74bff768ccc0} 2372 "\\.\pipe\gecko-crash-server-pipe.2372" 4080 28759749458 rdd
    3⤵
    PID:6736
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2372.5.859401941\943170156" -childID 3 -isForBrowser -prefsHandle 4936 -prefMapHandle 4932 -prefsLen 27297 -prefMapSize 231738 -jsInitHandle 1164 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e4fe7e94-c0a0-4602-9536-f9eb23f2bd3d} 2372 "\\.\pipe\gecko-crash-server-pipe.2372" 4664 2875a26da58 tab
    3⤵
    PID:7744
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2372.6.1491551753\1806701432" -childID 4 -isForBrowser -prefsHandle 4920 -prefMapHandle 4912 -prefsLen 27297 -prefMapSize 231738 -jsInitHandle 1164 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c36a7dcd-d83d-4f7b-a7d1-1c5ea03df259} 2372 "\\.\pipe\gecko-crash-server-pipe.2372" 4584 2875a26c558 tab
    3⤵
    PID:7760
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2372.7.156219367\1890400845" -childID 5 -isForBrowser -prefsHandle 4600 -prefMapHandle 5064 -prefsLen 27656 -prefMapSize 231738 -jsInitHandle 1164 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a90273e9-49f9-4c2d-b4bc-ae7086870674} 2372 "\\.\pipe\gecko-crash-server-pipe.2372" 5248 28759d57058 tab
    3⤵
    PID:7908

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\LockBit-main\t5j9Ned4i.README.txt
1⤵
PID:6268

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\t5j9Ned4i.README.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:3916

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2076
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="428.0.2050114320\1072447599" -parentBuildID 20221007134813 -prefsHandle 1584 -prefMapHandle 1568 -prefsLen 21447 -prefMapSize 233764 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a03116fe-c663-481d-b43c-abcd1553da85} 428 "\\.\pipe\gecko-crash-server-pipe.428" 1684 26530715958 gpu
    3⤵
    PID:5184
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="428.1.963802867\1215819508" -parentBuildID 20221007134813 -prefsHandle 1976 -prefMapHandle 1972 -prefsLen 21492 -prefMapSize 233764 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c739353b-85a8-4486-ae7b-ca485f18c3c0} 428 "\\.\pipe\gecko-crash-server-pipe.428" 2000 2651dfdb558 socket
    3⤵
    PID:4396
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="428.2.758488759\1363371951" -childID 1 -isForBrowser -prefsHandle 2712 -prefMapHandle 2708 -prefsLen 21991 -prefMapSize 233764 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ad02180-88be-4729-8be2-722cabe178ab} 428 "\\.\pipe\gecko-crash-server-pipe.428" 2724 26534374a58 tab
    3⤵
    PID:6376
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="428.3.9558774\54111283" -childID 2 -isForBrowser -prefsHandle 3184 -prefMapHandle 3180 -prefsLen 27261 -prefMapSize 233764 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bcbeee9b-315f-40ff-a033-686dd0c23ffb} 428 "\\.\pipe\gecko-crash-server-pipe.428" 3196 26534934c58 tab
    3⤵
    PID:4868
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="428.4.1143488572\1735332918" -childID 3 -isForBrowser -prefsHandle 3708 -prefMapHandle 3704 -prefsLen 27261 -prefMapSize 233764 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {316299aa-0706-4503-a96d-90a1dd5ce68c} 428 "\\.\pipe\gecko-crash-server-pipe.428" 3720 2653681b258 tab
    3⤵
    PID:6920
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="428.5.1797053978\474253697" -childID 4 -isForBrowser -prefsHandle 4100 -prefMapHandle 4092 -prefsLen 27261 -prefMapSize 233764 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e657ac19-8be1-47f9-9b55-762ec87af40f} 428 "\\.\pipe\gecko-crash-server-pipe.428" 4116 26535a0ce58 tab
    3⤵
    PID:7504
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="428.6.1782901771\1836695956" -childID 5 -isForBrowser -prefsHandle 4252 -prefMapHandle 4256 -prefsLen 27261 -prefMapSize 233764 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {724d98ad-c8c3-4c94-bc7b-cc06517d0d2e} 428 "\\.\pipe\gecko-crash-server-pipe.428" 4336 26535a0b658 tab
    3⤵
    PID:7512
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="428.7.1584966264\1839774703" -childID 6 -isForBrowser -prefsHandle 4472 -prefMapHandle 4476 -prefsLen 27261 -prefMapSize 233764 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6288ab1c-42a6-47da-b1f4-f1b82ac869b4} 428 "\\.\pipe\gecko-crash-server-pipe.428" 4136 26535a09858 tab
    3⤵
    PID:7540
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="428.8.1728352158\1171759853" -childID 7 -isForBrowser -prefsHandle 5276 -prefMapHandle 5300 -prefsLen 27300 -prefMapSize 233764 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {483d1618-752f-458a-a692-9ec04aa229af} 428 "\\.\pipe\gecko-crash-server-pipe.428" 5332 26538a03858 tab
    3⤵
    PID:3816
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="428.9.1049547563\2118163607" -childID 8 -isForBrowser -prefsHandle 3808 -prefMapHandle 3804 -prefsLen 27580 -prefMapSize 233764 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f1390dc-8275-48e2-8bd9-6e912f1b6e63} 428 "\\.\pipe\gecko-crash-server-pipe.428" 3956 265387b2558 tab
    3⤵
    PID:5936
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="428.10.165214820\1437346135" -childID 9 -isForBrowser -prefsHandle 4604 -prefMapHandle 4464 -prefsLen 27580 -prefMapSize 233764 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d69a5b9-e9ca-487f-a27e-28ec41f3daf9} 428 "\\.\pipe\gecko-crash-server-pipe.428" 4596 265354e6058 tab
    3⤵
    PID:6092
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="428.11.930370402\1470931518" -childID 10 -isForBrowser -prefsHandle 5952 -prefMapHandle 5956 -prefsLen 27580 -prefMapSize 233764 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {15d8b39d-fe06-4542-aa63-d1f2b49f5dd1} 428 "\\.\pipe\gecko-crash-server-pipe.428" 5944 265354e6958 tab
    3⤵
    PID:6628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4106386276-4127174233-3637007343-1000\desktop.ini

Filesize
129B

MD5
da46b8792e21cc6c6b4f1a218d561bc2

SHA1
348d0469c19cbb1409cf245c1ccf61e4efa592f2

SHA256
db72cb8b55866565e00cfd9689dd59ca30de44e09eb4112266ac40e02e0055e9

SHA512
f7969e208dd18a930417941a5fa07a1139ead48ddc77f4703587359dc39cfb8dd09e77da2b87adae181902ccd1227140f053d5e5b1f88300af54f7a233b764be

Download Submit
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\update-config.json

Filesize
102B

MD5
7d1d7e1db5d8d862de24415d9ec9aca4

SHA1
f4cdc5511c299005e775dc602e611b9c67a97c78

SHA256
ffad3b0fb11fc38ea243bf3f73e27a6034860709b39bf251ef3eca53d4c3afda

SHA512
1688c6725a3607c7b80dfcd6a8bea787f31c21e3368b31cb84635b727675f426b969899a378bd960bd3f27866023163b5460e7c681ae1fcb62f7829b03456477

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
292KB

MD5
68309717a780fd8b4d1a1680874d3e12

SHA1
4cfe4f5bbd98fa7e966184e647910d675cdbda43

SHA256
707bb3b958fbf4728d8a39b043e8df083e0fce1178dac60c0d984604ec23c881

SHA512
e16de0338b1e1487803d37da66d16bc2f2644138615cbce648ae355f088912a04d1ce128a44797ff8c4dfc53c998058432052746c98c687670e4100194013149

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
0d816869a9de80aaf23844a3494581da

SHA1
d1665f269f6441a7a364569b89a05606cde72467

SHA256
ab4776e2c06a64fce3c84ab74e748259bd7381c1e4eea23b626d592c8c4a167c

SHA512
9cc5a3a7c18e429b5281a1f89341d5f5ffac28ac783a8448eeccc5b17e4247e59c41137859ef5f623e87d012acc7970b768412bac9f937eac7a115d6742c9544

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
fe76bab18d4d6dbc55c55c7891650a50

SHA1
446b813cda02be66335bbbe93ab4b80b655add82

SHA256
9401f3c836a34e4cd6eb6d687030cd2b4b50566c72047edeb339eeef9a411818

SHA512
6a8ee26bd02628319cf4126820d7250e2786c42373988212f29aad53c8d81388e0f6727fa2786d38497b3d85214e98b87a79122837744aada829e089efe338e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ba91037b7715eb2deaa2e8e16d7985e7

SHA1
92d1a5c3e896332bf3b6b5ada0831220895c5d8c

SHA256
e6278527279c4532820fd45606bd84b6d2091cd13dbd1cfd57eb850c90ca9caa

SHA512
cf7ca98ed7bc2dba61269cb9f9231bcc6ba155320f315b14bc643ea8876cdce7ba04813a25c3fdcef7c47c31d98907300803f2d476cfb7a980b86b1f00baa725

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bfcc7bb09980d9ba0410e1bc0c5e7644

SHA1
09566b8b91faa960b1d2a6addab3063a3b902773

SHA256
7c517f6df8f02889defe9cc5d331546891565d38e036163732073180a3b8283c

SHA512
a83c4928b8f9f34706de334cdff18c3a34f0a5208b06fd65937d066cf3ed5f1023cdea4fcda9db0b9809b4ba4b60fb30313fa0babb697f215f849f2bb205c442

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3275d8ce85ca32014f5e30a03b23e134

SHA1
b990d1ec1bbef0a771f041765b867c7c43b982e4

SHA256
abd4d9ea9c9e8faa34f52fdc3e0e2a6c2444f128f18d9d31435c4754250e0155

SHA512
d9509d6199ab4702af3b723673e7f2f649b49965292b7d6c4c0dd9804c45fc125d83f9db6ca069b96f041a340422e9adffe3b7053e585596f930b917d0da1288

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0ae2600c385dd88ddfb8862f5fbb54e4

SHA1
b320952e0ef1acc519065cf824acdf3844478086

SHA256
bf6a6a817f88765ca72d541c2338f26e1b0e9eab5dd62811700dcbeca9f8a3ea

SHA512
76b51a8b060c0d5d501b02af87d46871d63f07dc36a1c3bc547644ee22780be5e41774faf175c478ba65c77d5b4f5d45db06ed80e0e6d49ce66d82edb880d37e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
dc46ceb84c8085d0f9086e22242b29f2

SHA1
d5e802d32ccb4d2e1d0e4950bb1de267810e98a4

SHA256
26edbaf1fad5c6aee50622a9772c50a38b45202b5820aee769443159d8b597c8

SHA512
1c830065025d7f5bce37ee9d5aa85aad7e569bafa2f0966e2367f6696acdb65cf646982d029b6984367e941742241d2e00f224dd294eef50ae88aa4f5a25880f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Browser

Filesize
346B

MD5
29b48915c51bac031e0c63ac9127ddb9

SHA1
464e555b69d5a675bd094187189f6685345d5fb1

SHA256
d53e3d15d899d9584e6f9d4145f6e6dc9d002079c4ad91e85ba30db2aa101450

SHA512
b159f12a0186c3175ebf36335478bdbfa09fc84b2cb487864974b0ab5a5ebf9f057ae54a81e98e4349bd74ee1996cf180dfc42fa59a9ea0fdb0cb9e780fe35d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
256B

MD5
523ebac21568f14b1525de1a5e9d86a1

SHA1
617ae458535cc6b18866a41ce97c20cb0b5527f8

SHA256
fa06726598bc6cf8b593d87b0c9ac058c2522d70555c0b3236096360a6d356b0

SHA512
431e0af210f0a24e1a91e6f854c2676ce79cbd4f544805de3bd2dec49118d7cbf4781296dd733bd729c0adb12014083946adab2ba891f72e4838dbf1692e69b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
03ac8872ce0764f2232b870d1ce4acc1

SHA1
02839c2b0d84ff6ade5250a42d1322fee6bc5240

SHA256
33957a21d7436910e608bbad6be03b70ae53500369690265b4723b947fb47b02

SHA512
5043cffffc863e27c25752fd25b677ec259d50415460e7df2eb06e9e8197a5858c032028940ba1ca273526e55f483ae84fcf6bbd48160343e67c9b667819e5fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
f8921e82beea45cf7eb6c3409fb37cd0

SHA1
5cd9bc1d04a7d234eb52d2c5ecfa936adffae5c6

SHA256
107158ca66ec0d67897d4574bff792f5ea6b54d2476714b2b3003b0928c4f994

SHA512
cf92db094ef86a789f0803d270dfd56f9fb3201eda7460019e7800969e115c110a91e3ce03c1b75fd7ed022b2cbb2d268061c6f0f6f0ee9e3062a598668aeeb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
109KB

MD5
1eabac4b674385cd2d3ef569a6ee6adc

SHA1
6a65bee3b03b4516eb401c82a513c759e0938b2e

SHA256
409c607f4a913cdbfe7678b057a15522ede0978dee9da8fa4e0361dbe4e40095

SHA512
6921f205e3ddb5557172b1b4e7b82ef573f8f76dd1c29486686ec751af021f4b4ef7453e89a1b0197bddae1478e134e85c63425ea32e91ec93c90eeb67e2819d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
321B

MD5
10c3a4436a5e5d1affaefbf8ec6ba7f3

SHA1
f7fd51b858668a7ffa083d22441e2fa2d9c75b56

SHA256
b1c51595467230767b70e786cf49e692c73e58bad359e04b62a91838df8d45d8

SHA512
6458227b6b89a8e2b5bc56440800f4cf30cc568a0b4e19055bc7323ff1a8950afb2aff83278209656b57f88ae55d9980769214822be64401bd957b1ad6b97a38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
265B

MD5
f4d07154d50e4c88dca3437de6656ba8

SHA1
7a515da62d9140de66c021da60ae4626c1656e2e

SHA256
0754cf67f3fac427d5567d88b8486a3f1fffdbf97a3e9708fbf649fd37be24f1

SHA512
fc1c753a5312dee160bba6f9971b158456cf232dd9924bc62366bacf3770dc1b7d3ddfb56500e113da55cbe9224d4d960ad41238a73a726559625aa585fae093

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hq7d5tv0.default-release\activity-stream.discovery_stream.json.tmp

Filesize
26KB

MD5
9ad4386873a659d10b03e8edd6ffd0d1

SHA1
88ad0c224473308a3f1e20d730c7030be1266221

SHA256
94fd81c91e65750053aa435198539d7efa89f91b889ced6dd9c8c61975138be6

SHA512
7a505ae05a24f55f0c169c419e32f6cd366722c9bcb2f8525e86e0d9a5bb27ba2be5ef890015930d7ab4c16b5467103593fb5b0dc985787732ef5069d2d6a0da

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hq7d5tv0.default-release\cache2\entries\1E3BCFCD37CABD9083AF16412854B51249A04715

Filesize
61KB

MD5
f6593dbf221e7d6885393c8a9efc72c6

SHA1
5b000303ab8def42e521d3248a4e49beee7a7309

SHA256
d4076bebee1f46d77b1d2910a262cbf69731a1d2840f3b177c62accb66790bc5

SHA512
693e7d82f570f5e96da4e50c68674884bd132cb54eeac5b0634eaaf747e5868c57fa107942a1a43af02cc0677cffceb45de56a7f798c4937c9da1b121af298fb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hq7d5tv0.default-release\cache2\entries\2E81E88060478DB287739403D495501AA989F607

Filesize
224KB

MD5
11b81ed4f9b36b9c691d88f75537eb3d

SHA1
bde3e24c92a154a30aaaa809f9e559b48782865d

SHA256
f65d917193270469dfea4cd151c5aa4be098a0d1ae71bbf98472dd0a3e9ab830

SHA512
d12ad177f649c96bee3631d98d139c455d783f423ac07ea0a9c289287b45d4ea1bced358b235ec0bbef315f18986b25f58d1dc3463b86f7fcd6cf0478f4d96b8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hq7d5tv0.default-release\cache2\entries\34C6036F2C35716390C9E52DB78915199C28FB1E

Filesize
101B

MD5
122a6b6ac1290fe36cff3bfd39a0b0db

SHA1
5e64d5b253f53571b51d2c6dd62ddb9ed073d2c0

SHA256
94c463808828481eb882c318c1b483dfd1ec71b449d11146fe923b9b38cc8572

SHA512
0e14a9ece3b271605e11567bf894e1effed464171be644453fc62b516cff9d93367e6ed310f0628fef71e2c10601d83f3dc156e301bd9a48ca385f8820510219

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hq7d5tv0.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
15KB

MD5
2f5da93996e565114bef278331e43506

SHA1
addd00cab814fa379ffda127c41b5c18da36c77a

SHA256
b4c76cae1428c9662b4d50021d1fe42321745ca4012e4b2691dd7ac8f572698c

SHA512
65982d0bd00a28f20b34ac21f937b06676c933a536a64b14c02a6ce0c50d64e88c218472e155149bf72b826480d5b775354b9699dc3cab91f37c11af0b792dab

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hq7d5tv0.default-release\cache2\entries\80135CEB34FB1EBCE62E2E02298499742CB29CC5

Filesize
99B

MD5
9c74693a143d19cfc9f77d00c7d39bd1

SHA1
09886255ff5d85d1d7c341702d09f90b34e3be21

SHA256
51ba2dfe20ff3443cdf3b340b5b27624cfaafaabc1183c37f9ec683c2c4c2127

SHA512
7dd3bc6c4c70202fadf21eaae54f2d0b2c05fbf964c63f68dbf8c34a6bedb94f9da316af9bda28f788f8f9791c896ba7d656183dac375062c7e99a1e188b411c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hq7d5tv0.default-release\cache2\entries\86B7D8A168EC48679FF2D8E20D467AF59943185F

Filesize
112B

MD5
e28ec8c750916ca2433fb89edb3959db

SHA1
d185605c0e63eb8924a48c56e8060012714c7cf4

SHA256
d65f6759d458915087f6814e3ae72121f547e1d25dc1afd31dd9210546532d96

SHA512
bcb0dc3abeab784c9f5607c9c7109a6911ff8005857ea81853c543f8569a44dcfa2a209b414b5861f69eff3b00c09a8cdd55a40424775d4d510b60c88d8bf909

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hq7d5tv0.default-release\cache2\entries\F18D85F52EBBBA2AB081EF739ED0D6E8A76D497C

Filesize
298B

MD5
dfb9b7f0ae4aeb5ffe0def82a3e20676

SHA1
efb286ec79a18dd094f3f9ae4061771c70cc905e

SHA256
4339bc62d2760480aac9564bb2fff10319c11f54e4c7357560ad8622715970ad

SHA512
90ccfb44b679fe477bc2a6e0baac0a430bea7441306f709425fb1bf7f98d9ad2e5fcfa3a09d5053c6aa3e834f86789190f053bd7a94c495c35e8966ee221f7ed

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hq7d5tv0.default-release\cache2\entries\FAFA39832A2B6AEBE63AD4A7B8E424505DBC5AAF

Filesize
236KB

MD5
aa32969fc094f4594bf67f0e292d788d

SHA1
e95f6447388fd6c192c09c10b9fa266b0a620603

SHA256
ffdbb61b403b83ae968295c980f5a5e5369de99caa500d06b478d65ad3d91c65

SHA512
c607cadb39913784127b421e36b482be8c3326ccde81d910d04bbed6b1379ae38df804fb08596eacf911173838d34435ec867950a4b2c5b64aa0e4a63fbba69d

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Local\Temp\{F4672560-C007-4EEF-BFD0-A7E92BD9D3B8}

Filesize
4KB

MD5
57992b400449902b14578eccbf5077e4

SHA1
bec314e8559eb61de061d5cdfd6246e9e715033b

SHA256
c70031a5d67bff6610d2dd027cd419e4c27fcb2950732c4d3ab392b0fd2beecc

SHA512
f7d7478d62db8b901bb2cf0902cb381e73aa6c7a9d376a95e57e98a55c003e4f18dbee01c22c96afa8db9202ffbe1b4023cbd7f3730ebebc6ca403d8dc374554

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\40371339ad31a7e6.customDestinations-ms

Filesize
5KB

MD5
85a30c5fa2a994494a4cd9c069739814

SHA1
f5d5e4b9f29b62a1318fa550ed976c7d5dbeb4d8

SHA256
e2c6e1d38f1979382bfa6d6a4c05a9faba64fb4601a17fe5e3cff4f339128781

SHA512
00b58299b20c15a7beb21fc0166cb97f778023666a9b14b6be91d9904654d3bfbe6aacc1952bb847c6c034dc7f82124eee56e01f5b61480f079701ca66d70732

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
5KB

MD5
0ad229a03c4ecc394c7f147a17fd38c5

SHA1
c2a004fe4e0ed01867890f6ff85528e0bd1d09ca

SHA256
053d034c490ff88c41b9c6c6cbeafe2c974d3e01e8b5c8a84f3268dec373afcc

SHA512
65317ee743dda18594e563fb2f503d611b1834b5cfd45436dbc73d167b704d07f3cda3122697ed4e3dc8267cb82ca2e98af6e08d952ce3d18255502f1ed56ff8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
9KB

MD5
ce73aebb889c9bafece9f69d25f11279

SHA1
913083d4c94c1ed81381cae254bf46d9afdbb068

SHA256
042e881bcf135082165f17b365a5fb638f06f72a0ead6f4dcacef5b697869688

SHA512
c9a897c87130a4bb8f087ed43f9373c209446b98a1e052ca3ce7c2eb7f812911080e996b01e7261ce981c72494774bddfdfef38c83f3c9fc987d05a1e8541371

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hq7d5tv0.default-release\addonStartup.json.lz4

Filesize
5KB

MD5
377e0bda86056fa7f608c7b0fc534869

SHA1
b945d11d65bfc35b5708f2669404c8d3e96286c2

SHA256
29e1a93a296f575ac8a521e786dc6942495c9ad6f02ddf97c599933eab190e32

SHA512
32648fc84b8abaa04578e225c0a228626bf589954813d32aced7e8a9c59c49414c5d1020bacb5f4fc53b1449ddc062af0ea1245862d51604e8eed8549adee837

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hq7d5tv0.default-release\bookmarkbackups\bookmarks-2024-10-23_11_AmAs-Y4GIJDwP+0rN2jG3Q==.jsonlz4

Filesize
945B

MD5
396a5411c683d64fe47ad34249087a8a

SHA1
60eb3ef1448985534658ac0125087629dec5b002

SHA256
f7dc9c77e61e16acb332a9f06adfd0a7f5bf6a1c2329b1f1df8e9981728a73e5

SHA512
5d16df3d4aeee5011139a0783b677359d5b3a350fac8cba15e208fb1d5b9ae0408700045a4fce4af77de80f6d57a9e9f146135236268fe23a7cb259306918950

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hq7d5tv0.default-release\broadcast-listeners.json.tmp

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hq7d5tv0.default-release\crashes\store.json.mozlz4.tmp

Filesize
66B

MD5
a6338865eb252d0ef8fcf11fa9af3f0d

SHA1
cecdd4c4dcae10c2ffc8eb938121b6231de48cd3

SHA256
078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965

SHA512
d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hq7d5tv0.default-release\datareporting\glean\db\data.safe.bin

Filesize
1KB

MD5
50185748dcdf35e694de4b174e097113

SHA1
399daa160b0de2b053e02b5263a57cacf040bc83

SHA256
2eb0112384a191fcb9d7a454c9583d12362ae90b8c62e1e88a24a487160fbc0f

SHA512
286df5747ab5a2c5725d7d02e9d69e9159d59b4c520f50b8ec85d78560e565283b77f673f69b2a9b3e1cfae8c5971d2ee96a8cba96ffe20a7125d60a4b64efa6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hq7d5tv0.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
6fd0a4bc1c01cb3e8e7bc9fbad55f03b

SHA1
88d3617fc5027343cf3a43b496a0018b0ac831c9

SHA256
dfad0ed442c9bc3176c02a42bbf18b39b2d2317a78287ffcd27b2ce5401fe297

SHA512
f4964d320419fd14fc1886689722c7e2832ee9b82f88030bf16163c84cb1563330f3547a4e08e61a65b9ce2d5975ee6de7574f7e7661d77f2dcbf41dcf120345

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hq7d5tv0.default-release\datareporting\glean\db\data.safe.bin

Filesize
11KB

MD5
045b00157caff45541489f019a87818d

SHA1
95b9e491160e8be0a603148012e72b097a9adabc

SHA256
73d1fba3fa7cf49456c0bcba2c2a733928aa56df50477c20cbed2a1666022881

SHA512
a410329e9a1c3f5f952ce0ccfd2ba95f7bc1751a7ce842c8bc2fa1f12b258cd661d14d990f36161ff876a3ec114791ba126b9e53bce0c7424c56c69560778866

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hq7d5tv0.default-release\datareporting\glean\pending_pings\980799bd-80ca-455b-8b05-f90df1832c40

Filesize
656B

MD5
3774e682a3532d1c182cfac67cca3883

SHA1
2c8171ed4ea928b6736a4bf683b3793227531f12

SHA256
a83398bf75b6c09c8c3a5805ebefc1122b6133e238075aef4f0892165770402b

SHA512
f38c29ea014f75a66982377983c0ab50041a92fa15d324fceebc09fac8f883a4cd02dfa4a24750cb39ab7ea0b6bd9dc7c998379e52f8436b3f184929684ec553

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hq7d5tv0.default-release\datareporting\glean\pending_pings\bb6715cb-1bf9-48e9-a17d-2fe3db77ee8f

Filesize
734B

MD5
6b5e1dc52ebcbd33070016241c7d0f15

SHA1
6b42a4a0331aebff1d203061fbe49e27a43040a4

SHA256
0c5d73edea7006e22818fc79b6264f2fa2987a6404b86ee784d7ed53dbc0ad9c

SHA512
1bdff3888c549212b762b6740f757ba35c0f0622b5182d2cd9c520d07987aed1f2a598700dcc1fd9399f9df013cd41a2b0401dbafec1b83eb36a8016276f427d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hq7d5tv0.default-release\datareporting\glean\pending_pings\f3ad403d-69e2-4b64-95c5-2676385a24fa

Filesize
587B

MD5
40d5a2ab5e3c7603ed8b96c9368bc2a8

SHA1
b0f641fe2df3e0c5c315b89612eb2dd618d4977c

SHA256
8bd97a94563247b323cd0e89124d85ac0b6c4eb658906de7ba88ecc631674662

SHA512
0156b5534ee62187b967703fc7cedc7653652bca85071670ab03509f652cb8550c25548c0cf42ad441eca088e62b48ab568eca815fde14119867f79a41991250

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hq7d5tv0.default-release\extensions.json.tmp

Filesize
34KB

MD5
a638cca76397370280a17dc5759dc31b

SHA1
5649540b8fddcc91ae31e05ee4ffb37f3a35e88a

SHA256
527e8e8f0367dd65de6a02d2a67827e5b54a4c30451961530789070162469b88

SHA512
23d8354ed78734f0e92ba2fb228d9d54666ab9776c956b9250dc91adc8fd5861c617af7c9788051c4370e1f3c836c47dfc335dcea15cbb32e493098390b2c589

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hq7d5tv0.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hq7d5tv0.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hq7d5tv0.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hq7d5tv0.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hq7d5tv0.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hq7d5tv0.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hq7d5tv0.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hq7d5tv0.default-release\key4.db

Filesize
288KB

MD5
0471444fdc8a07f1ff6fe251769e8c3c

SHA1
8272eae4d4ec916856224a8b1d3813135e4aac42

SHA256
f74107f5d9cb4de8a693711e80d95508d5080ca7e12b617556a6b67bf02abc54

SHA512
3546fceb43e066bdeda22ed140d373a28dae1e82609ddd38e2661c0d398c3297fccf57177b49fd58ac4e4cfffa3317c758c9ab551906919baf99bfe4a07ce580

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hq7d5tv0.default-release\prefs-1.js

Filesize
6KB

MD5
c25c82c0bde01f5f9911f9d227c555a4

SHA1
29a56347e5e5686841af41097a77a4ad41bfc520

SHA256
c1b1d883d754d4c371ec81e28ba64da80c90c025f8d7fc3154446616674a9951

SHA512
474030f232a38b397d0ec64df8e6e7d9a0a359025445d839c23a56598a4a1234df41799e9a520f9968b4cfb128deb1a1a58da2752529d0f583bd9ff7b917c34f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hq7d5tv0.default-release\prefs-1.js

Filesize
7KB

MD5
d4757d1dbf4250d2175d00fcc7a3fecb

SHA1
20ce6024ceac93e35fae8b06046ed762442e4fac

SHA256
ffcc94de210cdc9f3329bbabd60ae3e3d1d814649479e088b70c537374797b6e

SHA512
692ad8a1d37b55bb373574842190feb23139e55ecb7a5349b64b5886294277de2e3a321776eb3d0d708deb9c8cc8a835de26d54a238865ad988dc8cfccab5e9f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hq7d5tv0.default-release\prefs-1.js

Filesize
7KB

MD5
7f99e3c45f75252624b9ce36b8415f1f

SHA1
1db354fc71ff3ac47c51f00ebb8fc19044652b64

SHA256
0f298cec588205ca93508d9b6b5d1c0e5ba8bbbc1fb6d889507256efb40f0f41

SHA512
31241ef4049592650b88364cce20d641989bb905e42c51fc2309bd06c4c085a5e8254f4e2872d212e62e56176435fb2e03860db034cfd01fc35260bceaeaa6d6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hq7d5tv0.default-release\prefs-1.js

Filesize
7KB

MD5
f02b25d335d7b0f7ed39d44d1694a32c

SHA1
405ea727ad1f790a4e2cb3b39be9fabc7d9b8a59

SHA256
8c7356b821b7c34dd0ba321cefa5f830c8cb7682e6b44854cc6b798756fccfd4

SHA512
83d012f6472a4aa4b50b8f7cc9f80180ffa7413748176cabf575bba357fd9a49bcf1c8899a25fbbf3156666dfacb24b6ca2a3ba4b55cbc468fb0316dc94e6cd6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hq7d5tv0.default-release\prefs-1.js

Filesize
7KB

MD5
47fc1f85e816ac8f17632b6d035184cd

SHA1
8d920a78cdde936bb7aafa95a46cd5eeed71726c

SHA256
436c9e57137c62a878321feeab2c205f2827f1dc68d94b3b4dd280788f3ee3fd

SHA512
8d050a6c1ecd6c1f74ca8774ec002782fe963044cb02f76e2f2b1a72913d5f642dcf618c93b9e50775e480071350af403c48bee4214279501127985f7339d6d6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hq7d5tv0.default-release\prefs-1.js

Filesize
7KB

MD5
e8757b66911f40875872510d8f5abe50

SHA1
c7d7ae4781ac4cdcea9c4852403b62f881184d58

SHA256
a4693d788365cd68f6bff71139e010f343a820ccacff343dcff2e497230be6bf

SHA512
ef6a9c4037baf8624bcd8b8495746e18166d387a6c72cd0e117dbd6538690e27255bc014bb9c0954698c9fc99a455c83fd30dd0221c5e9e0720d19c4925a88e2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hq7d5tv0.default-release\prefs.js

Filesize
517B

MD5
be9e8493613044d0bdf68e07623658c1

SHA1
6b395f6f558ceacfa1b8991bb3ba97de9bc00e47

SHA256
25cdb06ee8acfba9ea9944f6dcf1bfbb03bdae8c80e952546d5ad739c87dcbce

SHA512
f5040386e154cad94851892c0d73be004d5fffd21806a1a91676e9797c1fe6c4560f6db8a5b98f18c61903d832fe945169946e7252dd77faee5d80cf2147642a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hq7d5tv0.default-release\prefs.js

Filesize
2KB

MD5
ca2b15e1b278240e97aa0d70fa9b9209

SHA1
952ac287ce52635652cebb5fea9d68137ffe8d9a

SHA256
10126e85acf6ee36a0ab98948bc65297a9bd7dc18661daf4efe3e1ff869f5b34

SHA512
c68297befe1a7a39c011566e4d13f91fc6142c8f9fe2e1fb23988bed38d37d4092bdc8502b464ac61a246cd5e88a741e4a73e8aeb9fc154e77e244f53444e8f1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hq7d5tv0.default-release\prefs.js

Filesize
6KB

MD5
7502a94914f2468b15e6691233b7ddd1

SHA1
bc10271359439de6633f2a626505ea57e988ad0b

SHA256
793acc48e1c0c144d72c553db5b24e34fed84bb125cc87e094d2570f7cc63ab8

SHA512
2939922ee209500a8ecdb313257a49521390e594989048f777e7f58f1580dbb99582cd9b7b025ec7f946c92f48bc6bd9f1a4f29ecefc98d0b6d222799fef1499

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hq7d5tv0.default-release\prefs.js

Filesize
6KB

MD5
837b962a372f416eeb970976454facaa

SHA1
11216fe26b7098f055a08652d3b29527bf73d34d

SHA256
1fe57feabefbcd248e6b852c9c4e496348bfdb245aa21cca78ce2b08078ed099

SHA512
3aa9e74599b63e939481ed4d788b5b608b0c3243c2c7e4c827bff4c2ce441a29fd0d4a9613a6f77484b797345136f2ed19527ff9de6100d07dafcfe9e7f77b8a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hq7d5tv0.default-release\search.json.mozlz4

Filesize
299B

MD5
442c90a661c39d2efe2fc177804eac50

SHA1
6bf58f0959c8fcd58a73bedc8fef29a5bb7e540b

SHA256
a3bc4d30e90bdb567df7961c51f560ae4513f6c375a4a94e524ca5fb371ef375

SHA512
46c4a10234982fa0cb65f77f1c2bc0298f2f2b9dd5add94c5fd985decf9133ba6e53b56f8f432ef413dd93b22aed88b050a051b6a4e5f8fd02df7abdf7805308

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hq7d5tv0.default-release\search.json.mozlz4

Filesize
280B

MD5
41d220d4783f67d2b57beec20c135229

SHA1
6e97765e77920b6010fac2cb4abf1e3cea106541

SHA256
5d1881e74d76b95bad59439bb5c7676258a4ae6b6d853074e93b5247cf1715dc

SHA512
dc30ddc4c8cfe598de5e24bc88cebbe4256fbb21a0b1db6c2ec15311053e7d8be6a93a0bcfcfd8a02543f8b9cf9b15a5840154b272a2df71d59d7dfd80984ac0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hq7d5tv0.default-release\sessionCheckpoints.json.tmp

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hq7d5tv0.default-release\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hq7d5tv0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
861B

MD5
fc3d54ca24afc97a96f70eb571217d98

SHA1
8f66dd7cbeb14740e715e9731634fe8b5e8e6ec1

SHA256
df71409373a730478334a4141771aaa8ed00d3e397bc1864024e5ca96664aef5

SHA512
651694f39407deea96f49b7454ae6d026d3ac170ee294a7cf0339b81db7ecfc28ddeabbead3b290b7035b49b1f893a7e375a2ccea6349125c19a8fe699481280

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hq7d5tv0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
b622da2f121193606322b18eef41f77c

SHA1
2b7b32771ef7c36ef1126ae17ebc67bdeb01ec2b

SHA256
4e9ea40b2a978338575a995e50912d9f53bbf4c9f3b507e9af912d34acf9f9b0

SHA512
b13555e758073b042dcb1ab63c87856f5235ae3d2db6497821e58502ffed4e5394e8c9dc8cd65315cd2f1e3f8c02a2f8e662fcfb7db378b78cc82e5e6e3f7181

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hq7d5tv0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
f76a261206851a7849db2064849b78a8

SHA1
a4fe49094254965037a8333f1f396b22818ac8ad

SHA256
a7f603d612235fd0a4a44aab7d68972949430eb11a437efb2b9f28c3386f78b9

SHA512
355ef81341067f8d831c5f5502126c7384845cb7bee98b16aef0e476abfa9839fb18b6d67993144726657efa9837b8b44862b65ed2dfe87a034c20f6723a09b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hq7d5tv0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
60109257368e051b21e4eabf2937989a

SHA1
306a64f83dbef43ccfc45fdc2a63cda257003fbb

SHA256
c65f4ab5ffda48f2b7efb0f4651ced9087b125b951057ff0d9ab05a32f05396f

SHA512
ff91a7a46f9f96ad0baae11a34b137383bb4ca933982340d6cd2ae5ded1d429fe558263869a88d9d3ce750906788f94b36db229c0f888d82a6aee36407ef9303

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hq7d5tv0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
a6cd9281c1616066db8bb916c988aec8

SHA1
b30f78100945d59161b8a6c99a716085b9c0d358

SHA256
a238a1e70418bbe99133c526a5401c06a07637fd438ca4f17b66590b22bc8382

SHA512
1cc8ebefd2d7a439b13956e2971bba7e170fd00bef6defad80d6bfbf64f30def0457e46a64db467e360ca9791133558af4561427b28ba64179e45da428d3d584

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hq7d5tv0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
48aff3a994808a44a7f8e3cff54e6f53

SHA1
875b32ee9d6e85b41ac0a3c23007dc6d27b8f43a

SHA256
8431d571ec07de5122beb0402430c209d3bf70925b6e9fe123a421b2f0e98c61

SHA512
f23010913d3c1f935cb76dc33a4904bc6245195aa6ef83e6db91b5138d04d9a42b3b860af05a56e8a81299821d0ccd8417b7cdeb589cd5735e0ea7ba466da88f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hq7d5tv0.default-release\sessionstore.jsonlz4

Filesize
900B

MD5
f87d1db37ad95377022bad31d77697f5

SHA1
df8e3bec0b9cf1a139df165779fcad5b4933bbbd

SHA256
bd05e4d4f569ece986581c8bd80e4d62137f42b12af207703634e57874b26a24

SHA512
950ba012a3e59e6378dfd4bbda39544af2217d6408143cece46b55fee12ea9e63afca354f79c2df0cf8b8c4764179cff8df180993f6ca56020a726bd4f8a952b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hq7d5tv0.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
48KB

MD5
1fcd922b5055beebfa4eede22bbf2fa5

SHA1
4bfcdfed8a85f845d793028b77efd4e8b24660d8

SHA256
599756dec1b525c5e7724e46e6a4932dfe9638c8e3b282923594b6be04b78931

SHA512
2559bf0a3f233d763e7060c1f0ad727f4951c266a48d459d0e613fba0f101c139655c060c464c6442192094472f6fae863495fac5ba361e9f2fdae2805d9f8b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hq7d5tv0.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
176KB

MD5
dea1bbe8c60ae54e65c966667f1ccd48

SHA1
419720854c320492b07f26154039019c7c32f8e8

SHA256
7ae7918117f28f8ec164140634100ff4810f85c85b51c3c750ccbbd065704064

SHA512
496d0015f6f0aa6f197b5c7846fe156925e092a0283f177684749284dfda236334cfb1ade41386cbeb83be0fae717546fd231fc89a8f8d1c797f314c363b4b64

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hq7d5tv0.default-release\targeting.snapshot.json

Filesize
4KB

MD5
499068770d1659c79b0601a3769d1c4d

SHA1
d77894e098a60b0edbce452c1738e0c04191b51d

SHA256
0df142122af4a2b1ad8e9ac9c1e3f0ed93dbfc3f0c30a6cc36589a21f52268c5

SHA512
69a369b8bf36f41a0f28f34923eca66b2e44057a43dc6a680926d66007d8adf4ad40d31a40da10b578e40c0847b70ce80609c9f1ad1cc1d6aa984c6cc4168474

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hq7d5tv0.default-release\xulstore.json

Filesize
219B

MD5
e2b6b47a51107acbac61577f658355a9

SHA1
496da9f47afc7202545f0596a9b96689d105c3ed

SHA256
a24ea73447807d6e7e5b96934b542205216ba430d6a902eb01b2cc01914c1a35

SHA512
ad6d7b68cb8ad33e48bc804b33852e85649825de30fb982ad9fbb846196d20103cf7dbeb1a4cb5a1ec2b2edac19c750e7922126a36558b31b8a61a5560ad4faf

Download Submit
C:\Users\Admin\Downloads\LockBit-main\Build.bat

Filesize
1KB

MD5
b8f24efd1d30aac9d360db90c8717aee

SHA1
7d31372560f81ea24db57bb18d56143251a8b266

SHA256
95df1d82137315708931f1fc3411e891cd42d1cab413d4380b479788729248ed

SHA512
14ebf7905f15983593164d1c093bb99d098daf3963f1b7a913c1a9763acb950075a0d2cceab3558cce3e7269c2a2d5dacc2b3c6c55807b0b6bda6bfad62dd032

Download Submit
C:\Users\Admin\Downloads\LockBit-main\Build\DECRYPTION_ID.txt

Filesize
16B

MD5
befad5033375c0921f4f08dc8fe53e24

SHA1
1779cdf5ecd4bdc51170ae0645f5d020eae4f547

SHA256
f8ed283cf0e4fd749f263e6ed45775c75ca3c6b5c25724af81bf86dd2221abc9

SHA512
a667e0d6eba8073caf90c955c81c307811b8c8502da444cadb33f6ba50328c250882fb935cdb5478a376e9234c2b337410d09727866c9266dc11c9601e489aa2

Download Submit
C:\Users\Admin\Downloads\LockBit-main\Build\GGGGGGG

Filesize
153KB

MD5
0c61970b1c0435d92808816c79d15f35

SHA1
d7e4ce59788996650b840ca66b7d476a29e71075

SHA256
f8aae3b11ec54b7230301cf0902ef7bcfc9c1a0a81f1b10e8cb3760b786a2ee4

SHA512
2bec119dabc0a632ace0a3bc13a3b3f6ba707182c463a758c9e25b5287c443d5f2488716935c3909bc13a65c7a3d66a065198ef4d6e943e313b06e37e07452a9

Download Submit
C:\Users\Admin\Downloads\LockBit-main\Build\LB3.exe

Filesize
153KB

MD5
3bd88438137b9f839329b3a0b0ba9dc1

SHA1
6fbb1246c772befe720d31241b515dd93e7f24f6

SHA256
d36526a1204ab49bb899513d12ac2a3ec7847f6af83f6f7993620ec617f7d4ae

SHA512
c5d3e4c8fd5a7d647e7150ae80fc7541f49fbad9391aae1d5d7f2a9044c99225229fcd20797099c3969a47beb95d2a38d2151280744ddf6cb105bd4f380ebfd2

Download Submit
C:\Users\Admin\Downloads\LockBit-main\Build\Password_dll.txt

Filesize
1KB

MD5
5f46bac6a345b2d798e94ecfad58ae6e

SHA1
e93ab6012730a6b44a0cca85fe6531581114cb98

SHA256
8e3fa391ddde72b1afda4535eeb5bb033628da6fceb858a9808ac5eeab05c4be

SHA512
2738c871a8c13a6440bed10e6312e0dedefc11e795204af22f6a286aee79df3e34b706f5c9a0d3e0725ae53ec6303bd4da260773789c2b042304dd1feadf652a

Download Submit
C:\Users\Admin\Downloads\LockBit-main\Build\Password_exe.txt

Filesize
2KB

MD5
1d18ee2f1701fbcf48bdb326d1cb48a9

SHA1
e8323f5a89c920e93c21ff05565ebea38b90b8d5

SHA256
40518244474dfa929140020096358611d106dc170e063362ddee3f5fedca0744

SHA512
737f2c147da54220549aef656c350cdf6579d083862149283c4e65d4cbd608f0933b876073ee6d158abd4baa6092667a882d77f18ae7ae8c304764190d494bdd

Download Submit
C:\Users\Admin\Downloads\LockBit-main\Build\priv.key

Filesize
344B

MD5
90bfddbc10395564bc46f6cab3b0b29d

SHA1
bb630b4b0738f798bf7c1a8f85233a8e8813a2b2

SHA256
9f4e2a0560f72a0883d493ce9629e734e5d436029eb21ed50a427b153ddc4e24

SHA512
b5660a69c5b17ac248ae2a7c34ad9df18aa7d672e7141576d83417744511b0c12e211724005b4e530dbb554fa26a88be0dcf6feab7e50a179569e8426a02e1f4

Download Submit
C:\Users\Admin\Downloads\LockBit-main\Build\pub.key

Filesize
344B

MD5
c3295f88498fbd305e2883aefa72538e

SHA1
2ba8549901c9c214ff7c357c3f0363ef0976be4e

SHA256
c320c560bde5ea56e19aac10b232c66dd76d9e99a0feee5cbb6e15685d64b82c

SHA512
8c20775b710f4553bacdb7e7345a5d11d554b60c3b8f545effacb7fe2f4b405c04429279d5f4a8533eadcf77aa27aa8d3f2b193f5bae63dcf0abbcf8bfb3b2a3

Download Submit
C:\Users\Admin\Downloads\LockBit-main\README.md

Filesize
4KB

MD5
7a2974d7a9f3444a2c650ae1540eb6d7

SHA1
afa5241ce1a17b54a2cb2bc7f85bb7e458ef3c62

SHA256
af405eb0d6ff52b6b2f0b24da5ffe98f0023a933d1616c701a5472856567eed1

SHA512
2de8c1087f1f978cdcef3a9afc2c92168226c51ed8ae891a318007ea0f29b6ceb5d400ada681faaa8548c444fb5b6f35bb20cbaf29a2ee8735c0b65f9926088f

Download Submit
C:\Users\Admin\Downloads\LockBit-main\builder.exe

Filesize
469KB

MD5
c2bc344f6dde0573ea9acdfb6698bf4c

SHA1
d6ae7dc2462c8c35c4a074b0a62f07cfef873c77

SHA256
a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db

SHA512
d60cf86c0267cd4e88d21768665bbb43f3048dace1e0013b2361c5bfabf2656ff6215dfb75b6932e09545473305b4f707c069721cdde317b1df1709cd9fc61c0

Download Submit
C:\Users\Admin\Downloads\LockBit-main\config.json

Filesize
8KB

MD5
de177fa08e9b2eaa378760afd53be6b2

SHA1
a18050f9e5f2412955df4b868ffb866209d2b84a

SHA256
d121f4293160e0a39cbb184c032cd45baf1372db00cd33afb0e166ac0a60ac4c

SHA512
44f4e745013eaa7d95486c91457c23fd9694f859920766f0139cf5ca9c84ff6c82d59be9675dd1a0c7b3216464c85cf732dbbdb0e641a5e47cbbf1830f4a0a8c

Download Submit
C:\Users\Admin\Downloads\LockBit-main\keygen.exe

Filesize
31KB

MD5
71c3b2f765b04d0b7ea0328f6ce0c4e2

SHA1
bf8ecb6519f16a4838ceb0a49097bcc3ef30f3c4

SHA256
ea6d4dedd8c85e4a6bb60408a0dc1d56def1f4ad4f069c730dc5431b1c23da37

SHA512
1923db134d7cee25389a07e4d48894dde7ee8f70d008cd890dd34a03b2741a54ec1555e6821755e5af8eae377ef5005e3f9afceb4681059bc1880276e9bcf035

Download Submit
C:\t5j9Ned4i.README.txt

Filesize
6KB

MD5
dd746ace17e44ace00885b91400f11d5

SHA1
4a0302d2dca400598f396e4230fdae71779cbeaa

SHA256
b27c3c8a30faf7c76483b7e5d964ae85046a9713caa46508ee7a1e31b7dc6272

SHA512
8ac26aa7262fdf1afdc74e604720a79ebde076c75f460d7d5f57ff4d81dedb1ad471eb114ddd428c1934029746f5c222339090680bc77a6ea09ce329e1da3ef1

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-4106386276-4127174233-3637007343-1000\DDDDDDDDDDD

Filesize
129B

MD5
399751db511d206fa643e931b657568f

SHA1
85151b173ff6a448c802a13de8f38343894a5f4d

SHA256
50f971dbecbf40bbeb896bb52524509e1ffaab853cfeaf62ee125adb812710fa

SHA512
8be8b7c99629d8f05b870e78c487be236d5ae80e441ce2da6fbfcd53bcb00ead2b31b73c7885d3f3c4618a24876096c918dd214a9e3315281ed1930e3b3434a3

Download Submit
\??\pipe\crashpad_420_RQQHDPUCAGYMCBKF

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/6344-3133-0x000001F317810000-0x000001F317820000-memory.dmp

Filesize
64KB

Download
memory/6344-3146-0x000001F31BF20000-0x000001F31BF21000-memory.dmp

Filesize
4KB

Download
memory/6344-3148-0x000001F31C060000-0x000001F31C061000-memory.dmp

Filesize
4KB

Download
memory/6344-3137-0x000001F317850000-0x000001F317860000-memory.dmp

Filesize
64KB

Download
memory/6344-3144-0x000001F31BEA0000-0x000001F31BEA1000-memory.dmp

Filesize
4KB

Download
memory/6344-3149-0x000001F31C080000-0x000001F31C081000-memory.dmp

Filesize
4KB

Download
memory/6740-3180-0x00007FFA9B310000-0x00007FFA9B320000-memory.dmp

Filesize
64KB

Download
memory/6740-3617-0x000001664AA70000-0x000001664AB75000-memory.dmp

Filesize
1.0MB

Download
memory/6740-3178-0x00007FFA9B310000-0x00007FFA9B320000-memory.dmp

Filesize
64KB

Download
memory/6740-3197-0x00007FFA98670000-0x00007FFA98680000-memory.dmp

Filesize
64KB

Download
memory/6740-3198-0x00007FFA98670000-0x00007FFA98680000-memory.dmp

Filesize
64KB

Download
memory/6740-3181-0x00007FFA9B310000-0x00007FFA9B320000-memory.dmp

Filesize
64KB

Download
memory/6740-3677-0x000001664AA70000-0x000001664AB75000-memory.dmp

Filesize
1.0MB

Download
memory/6740-3675-0x00007FFA9B310000-0x00007FFA9B320000-memory.dmp

Filesize
64KB

Download
memory/6740-3673-0x00007FFA9B310000-0x00007FFA9B320000-memory.dmp

Filesize
64KB

Download
memory/6740-3172-0x00007FFA9B310000-0x00007FFA9B320000-memory.dmp

Filesize
64KB

Download
memory/6740-3676-0x00007FFA9B310000-0x00007FFA9B320000-memory.dmp

Filesize
64KB

Download
memory/6740-3674-0x00007FFA9B310000-0x00007FFA9B320000-memory.dmp

Filesize
64KB

Download