Analysis Overview
SHA256
744214bbe4ab445a2778cc66eb4a8a5b64673b245cfbf3500e14ed70f5906ef1
Threat Level: Known bad
The file LBLeak.zip was found to be: Known bad.
Malicious Activity Summary
Lockbit family
Blackmatter family
Rule to detect Lockbit 3.0 ransomware Windows payload
Lockbit
Downloads MZ/PE file
Browser Information Discovery
Unsigned PE
System Network Configuration Discovery: Internet Connection Discovery
System Location Discovery: System Language Discovery
Suspicious use of AdjustPrivilegeToken
Checks processor information in registry
Suspicious use of SendNotifyMessage
NTFS ADS
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Modifies registry class
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-02-14 20:00
Signatures
Blackmatter family
Lockbit family
Rule to detect Lockbit 3.0 ransomware Windows payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2025-02-14 20:00
Reported
2025-02-14 20:02
Platform
win10ltsc2021-20250207-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Downloads MZ/PE file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe
"C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [argument removed]
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2025-02-14 20:00
Reported
2025-02-14 20:02
Platform
win10ltsc2021-20250211-en
Max time kernel
149s
Max time network
152s
Command Line
Signatures
Downloads MZ/PE file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\LBLeak\keygen.exe | N/A |
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\LBLeak\keygen.exe
"C:\Users\Admin\AppData\Local\Temp\LBLeak\keygen.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [argument removed]
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2025-02-14 20:00
Reported
2025-02-14 20:02
Platform
win10ltsc2021-20250211-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Lockbit
Lockbit family
Rule to detect Lockbit 3.0 ransomware Windows payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Downloads MZ/PE file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\LBLeak\builder.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\LBLeak\keygen.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\LBLeak\keygen.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2460122153-424179005-3852593011-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\LBLeak.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\LBLeak\Build.bat"
C:\Users\Admin\AppData\Local\Temp\LBLeak\keygen.exe
keygen -path C:\Users\Admin\AppData\Local\Temp\LBLeak\Build -pubkey pub.key -privkey priv.key
C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe
builder -type dec -privkey C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\priv.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\LB3Decryptor.exe
C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe
builder -type enc -exe -pubkey C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\LB3.exe
C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe
builder -type enc -exe -pass -pubkey C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\LB3_pass.exe
C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe
builder -type enc -dll -pubkey C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\LB3_Rundll32.dll
C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe
builder -type enc -dll -pass -pubkey C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\LB3_Rundll32_pass.dll
C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe
builder -type enc -ref -pubkey C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\LB3_ReflectiveDll_DllMain.dll
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2008 -parentBuildID 20240401114208 -prefsHandle 1936 -prefMapHandle 1928 -prefsLen 27346 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b444a3ae-3ea9-4f90-aceb-1bd63045a4a3} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2428 -parentBuildID 20240401114208 -prefsHandle 2420 -prefMapHandle 2416 -prefsLen 27224 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c92488ea-b771-4d89-89d0-4fee8dbf6b11} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3180 -childID 1 -isForBrowser -prefsHandle 3156 -prefMapHandle 3004 -prefsLen 22636 -prefMapSize 244628 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {77f148b9-ae14-4a7d-a66c-237aa614d67b} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4216 -childID 2 -isForBrowser -prefsHandle 4208 -prefMapHandle 4204 -prefsLen 32598 -prefMapSize 244628 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {05430631-77f0-4fc0-8008-267dea3c1571} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4752 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4848 -prefMapHandle 4844 -prefsLen 32598 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae6dce87-582f-427d-868f-1464a6afa60d} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5268 -childID 3 -isForBrowser -prefsHandle 5224 -prefMapHandle 5252 -prefsLen 27035 -prefMapSize 244628 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ea5acf0-dd74-4c6d-9a99-c0e9525ae6d6} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5500 -childID 4 -isForBrowser -prefsHandle 5224 -prefMapHandle 5252 -prefsLen 27035 -prefMapSize 244628 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {538f5db6-d101-44d0-b99c-7769f1c985a5} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5644 -childID 5 -isForBrowser -prefsHandle 5652 -prefMapHandle 5656 -prefsLen 27035 -prefMapSize 244628 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d24754f-7670-4bcb-a465-3749721c68ab} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5024 -childID 6 -isForBrowser -prefsHandle 4936 -prefMapHandle 4820 -prefsLen 27114 -prefMapSize 244628 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bbfb7f33-dcb2-4df6-b0f7-0d6cb09b29e4} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [argument removed]
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\LBLeak\Build.bat" "
C:\Users\Admin\Downloads\LBLeak\keygen.exe
keygen -path C:\Users\Admin\Downloads\LBLeak\Build -pubkey pub.key -privkey priv.key
C:\Users\Admin\Downloads\LBLeak\builder.exe
builder -type dec -privkey C:\Users\Admin\Downloads\LBLeak\Build\priv.key -config config.json -ofile C:\Users\Admin\Downloads\LBLeak\Build\LB3Decryptor.exe
C:\Users\Admin\Downloads\LBLeak\builder.exe
builder -type enc -exe -pubkey C:\Users\Admin\Downloads\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\Downloads\LBLeak\Build\LB3.exe
C:\Users\Admin\Downloads\LBLeak\builder.exe
builder -type enc -exe -pass -pubkey C:\Users\Admin\Downloads\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\Downloads\LBLeak\Build\LB3_pass.exe
C:\Users\Admin\Downloads\LBLeak\builder.exe
builder -type enc -dll -pubkey C:\Users\Admin\Downloads\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\Downloads\LBLeak\Build\LB3_Rundll32.dll
C:\Users\Admin\Downloads\LBLeak\builder.exe
builder -type enc -dll -pass -pubkey C:\Users\Admin\Downloads\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\Downloads\LBLeak\Build\LB3_Rundll32_pass.dll
C:\Users\Admin\Downloads\LBLeak\builder.exe
builder -type enc -ref -pubkey C:\Users\Admin\Downloads\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\Downloads\LBLeak\Build\LB3_ReflectiveDll_DllMain.dll
C:\Users\Admin\Downloads\LBLeak\builder.exe
"C:\Users\Admin\Downloads\LBLeak\builder.exe"
C:\Users\Admin\Downloads\LBLeak\builder.exe
"C:\Users\Admin\Downloads\LBLeak\builder.exe"
C:\Users\Admin\Downloads\LBLeak\builder.exe
"C:\Users\Admin\Downloads\LBLeak\builder.exe"
C:\Users\Admin\Downloads\LBLeak\keygen.exe
"C:\Users\Admin\Downloads\LBLeak\keygen.exe"
C:\Users\Admin\Downloads\LBLeak\keygen.exe
"C:\Users\Admin\Downloads\LBLeak\keygen.exe"
C:\Users\Admin\Downloads\LBLeak\keygen.exe
"C:\Users\Admin\Downloads\LBLeak\keygen.exe"
C:\Users\Admin\Downloads\LBLeak\keygen.exe
"C:\Users\Admin\Downloads\LBLeak\keygen.exe"
C:\Users\Admin\Downloads\LBLeak\builder.exe
"C:\Users\Admin\Downloads\LBLeak\builder.exe"
C:\Users\Admin\Downloads\LBLeak\builder.exe
"C:\Users\Admin\Downloads\LBLeak\builder.exe"
C:\Users\Admin\Downloads\LBLeak\builder.exe
"C:\Users\Admin\Downloads\LBLeak\builder.exe"
C:\Users\Admin\Downloads\LBLeak\builder.exe
"C:\Users\Admin\Downloads\LBLeak\builder.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Downloads\LBLeak\Build.bat"
C:\Users\Admin\Downloads\LBLeak\keygen.exe
keygen -path C:\Users\Admin\Downloads\LBLeak\Build -pubkey pub.key -privkey priv.key
C:\Users\Admin\Downloads\LBLeak\builder.exe
builder -type dec -privkey C:\Users\Admin\Downloads\LBLeak\Build\priv.key -config config.json -ofile C:\Users\Admin\Downloads\LBLeak\Build\LB3Decryptor.exe
C:\Users\Admin\Downloads\LBLeak\builder.exe
builder -type enc -exe -pubkey C:\Users\Admin\Downloads\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\Downloads\LBLeak\Build\LB3.exe
C:\Users\Admin\Downloads\LBLeak\builder.exe
builder -type enc -exe -pass -pubkey C:\Users\Admin\Downloads\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\Downloads\LBLeak\Build\LB3_pass.exe
C:\Users\Admin\Downloads\LBLeak\builder.exe
builder -type enc -dll -pubkey C:\Users\Admin\Downloads\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\Downloads\LBLeak\Build\LB3_Rundll32.dll
C:\Users\Admin\Downloads\LBLeak\builder.exe
builder -type enc -dll -pass -pubkey C:\Users\Admin\Downloads\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\Downloads\LBLeak\Build\LB3_Rundll32_pass.dll
C:\Users\Admin\Downloads\LBLeak\builder.exe
builder -type enc -ref -pubkey C:\Users\Admin\Downloads\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\Downloads\LBLeak\Build\LB3_ReflectiveDll_DllMain.dll
Network
Files
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gscu8qjs.default-release\prefs-1.js
| MD5 | 8f2b690595a2891d1c466bb422780a7a |
| SHA1 | 48ff34d66c7314c074e049ab3e0849e2e7c23f48 |
| SHA256 | b1e626c82b38fc7f5d48e9b19fbb7434c01498f398c31a67f62cd626c7ca3f7d |
| SHA512 | 2bb08080111f3b1ddbbe348ba1d971b06a4b181115040868af87903aec73b85dad24d9e47243f6e861426c19326359218e98f51e23cbfc0137d141dde737716b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gscu8qjs.default-release\AlternateServices.bin
| MD5 | dad6dadb4a0c89e27b6c165bfb14ef73 |
| SHA1 | a02d6b78fbfbff607e212f392a3192a058980c25 |
| SHA256 | d01c82e10e7d6d1381f1caf86292376f793506fa6af9f4c3bc0113bdf5f0f38f |
| SHA512 | afe9c01bbe2f806444e5e9de55d6a2654dc2c0334bdd0656162f66d8e05118e8bef54c87b825ec3c3f2db97dcd2c4c9163afa3df65216a443732f110773ef5b5 |
C:\Users\Admin\Downloads\LBLeak.tJqM2PiN.zip.part
| MD5 | 2e2b742c193749a0a4980c884e0688c2 |
| SHA1 | d077620634960e6ac82706970db2158bb6198874 |
| SHA256 | 744214bbe4ab445a2778cc66eb4a8a5b64673b245cfbf3500e14ed70f5906ef1 |
| SHA512 | dd8e846008ba3327a37393141f4719ff92c06b5bdfcdbad6e2cbc49c1bfb679b0c5cd315b14a7e4ab36cc0c593b1001b536cd5d6e603312c5675b9d666f0381d |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 0a8747a2ac9ac08ae9508f36c6d75692 |
| SHA1 | b287a96fd6cc12433adb42193dfe06111c38eaf0 |
| SHA256 | 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03 |
| SHA512 | 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gscu8qjs.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
| MD5 | bf957ad58b55f64219ab3f793e374316 |
| SHA1 | a11adc9d7f2c28e04d9b35e23b7616d0527118a1 |
| SHA256 | bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda |
| SHA512 | 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gscu8qjs.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
| MD5 | daf7ef3acccab478aaa7d6dc1c60f865 |
| SHA1 | f8246162b97ce4a945feced27b6ea114366ff2ad |
| SHA256 | bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e |
| SHA512 | 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gscu8qjs.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 5669095b53e0192725aa9234b0009af1 |
| SHA1 | e2bc826ba8a2141f6672d7eb859083118cad0eeb |
| SHA256 | f42248e4df1a039e40c4d65e8fe80b9742c428df90b88641036bc82d5efa4abe |
| SHA512 | f0bbf5a268b33a2ab810336432d3c768cdab254488de7044d2d65a7a5ac3c2d3a75d1bbb4e3641e21918116d0a696fe61652d8e09ccc7f2d387caf8349667b53 |
C:\Users\Admin\Downloads\LBLeak\Build\priv.key
| MD5 | fdf3e8443f2087b3ee3453aea0be0cd9 |
| SHA1 | ab3975cb0d85b0e70361d37cf3b92a9f8c3ba0ba |
| SHA256 | 86b4f8607dea56a1e8675bedf63ea81c85cdf5af3cca9d6bf2dd4a3a426735c8 |
| SHA512 | c3198d8f30476fcfd459d19175f08eb7cf6649610fc7646e6742251db325752c0d0ae1d927f65311189b439619c7470d5ac15782d91214a176bc63dd86c57e81 |
C:\Users\Admin\Downloads\LBLeak\Build\pub.key
| MD5 | 4f870a9128cd20126eca067067ae7382 |
| SHA1 | d69572b44650327c17f49c367fba81fd691ef72f |
| SHA256 | 88876853777161909230db0d937064b90b3f8a671187751701d7dcbd38000636 |
| SHA512 | e9aa263c4eb1031f42a0cb8cb331fa330c55a924d185061271ffdf2e1274c19d69b8ac5335239509c45eb34f3cdfa482f1a3b127243cee59e488a90127eb2716 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gscu8qjs.default-release\sessionstore-backups\recovery.baklz4
| MD5 | f67cfa52085361effec26d5df90838f5 |
| SHA1 | 2c9fbe0af23752423a407bfd152ad1d568f4b857 |
| SHA256 | 8a10fa1f7524f170e6e30bb5cfbbd3ed08545a45763875f121b1225b2fd9c9a4 |
| SHA512 | 42033316ea51b6a474ebb3d2ae0c24caeda9abf91735bc088c94e9c7003a96977acbd35c3ce74bc9cc2ac108d8f62f7383700e79fb9f15032beff2e3f5d82c24 |
C:\Users\Admin\Downloads\LBLeak\Build\Password_dll.txt
| MD5 | 227c521fee4055c0e8ab68904d969713 |
| SHA1 | f162cfdab8d562402748ae0d5d75f61a6fbfa9c3 |
| SHA256 | 2f74bcd82a10d3c40d0bfd3a35c7ab4cbd11175eac9f4944e4c7841da3052736 |
| SHA512 | da5b77f16d41d4d1f6ccd5b0237ba4546400ad5d92cadf979ff7c56e433103f67c7e79bf6707b5c7a05422ab6c1fec07aa0d0ae5faf3226944b10205a9c4e086 |
C:\Users\Admin\Downloads\LBLeak\Build\Password_exe.txt
| MD5 | f2f345e3b06513f1c42c243d266befc5 |
| SHA1 | dd6eb9c92556c99edf790dc35541dc252d5194ae |
| SHA256 | a33a86455ca1f07824f5fc000564e537a21d23f024d2c5e129153e708a3d8c64 |
| SHA512 | cd6c0059c39122cd4086c763ea76021e8bbd7c9506c1ab605c75e2270fe130a5b22c327d82a114c31fbd6905a079922d8b3de7cb9db945fd6c062f65de4c5e14 |
C:\Users\Admin\Downloads\LBLeak\Build\LB3_Rundll32_pass.dll
| MD5 | 06109097cd01abf0f44b4518a6024c0d |
| SHA1 | a3067c8294c32496f1bada4787c1b0bdb602c9af |
| SHA256 | 4f5e433b6a19515a0140a5f5a40b55ff2be726a2ff58ddc2c7f7b3932bc379c0 |
| SHA512 | 0b3b486c897a55e3c17937df6006629a11487372566688d0c750ae6d6f6125579e448cb83726c208785a4649b9514986cbe3862421f16793f0f900069ebda1dc |
C:\Users\Admin\Downloads\LBLeak\Build\LB3_Rundll32.dll
| MD5 | 39ab487f108c29fd3af66d2d0fb9da70 |
| SHA1 | e84932921e8937d3137a12ec28fc14690a9da823 |
| SHA256 | bd6f24cd9dd333cbfc26efb9066a12afcf2908ea8333cbec2edf86c4520e1bc2 |
| SHA512 | 2e7c93c2e86673877e071e08f0a968e59a0b311b3e06517621254c7bf40fa9b1f2f15531531d5c3d631b416f6ff4ceba2b6f215cfce3be4de55bf003612f840d |
C:\Users\Admin\Downloads\LBLeak\Build\LB3_ReflectiveDll_DllMain.dll
| MD5 | c2f0e1144252e4223da96a2fbbe2c53c |
| SHA1 | 48a62306bc73fddf8738919519256620c16396d6 |
| SHA256 | 21de344bf2af894deca24395a7e2f9204a016ccc98b251ab85e99dca1742c271 |
| SHA512 | ad0acf22a6e885b5f0bbb1732cff54e8b70819568457eccd092bceebd9e30803a5c13e4026b9a9afd2bcbfdb0dd7d853a8878a6b4bc8e254d647818d7156a2ba |
C:\Users\Admin\Downloads\LBLeak\Build\LB3_pass.exe
| MD5 | 7d7abd1456c57cd10fadea94dde87564 |
| SHA1 | 8d020df2fbd66b17a1659fa92be46289f7db379c |
| SHA256 | 4341f67b69052639a3cbb262cd8e1c76402c11fc515d1ec3d7547f67f5d57a92 |
| SHA512 | de2cbbb795ca5665c3fa71c2605afa47171e05e21dc2379b2a8b5c6696c5b1ca9f4e103c4ae16c4ed6b9fab8a1202b34056a7b351f87b15edba5d0d776e390f4 |
C:\Users\Admin\Downloads\LBLeak\Build\LB3Decryptor.exe
| MD5 | 95f0de20bf5311afbcfdd1822a92deae |
| SHA1 | db39750e571ce47ce4da11446b1bcd850c32369b |
| SHA256 | 8fdd05d9be3fef97970a4b0b1e3729690e21de181283850893ebe650d7a9b514 |
| SHA512 | d78de29da28f37875e26a5f92267e96423e6f9711cf9979c46298e676eb34145141517d73ff084d73536577fb1f381dc59838871ec190111b50295aff849e196 |
C:\Users\Admin\Downloads\LBLeak\Build\LB3.exe
| MD5 | 8c23a42efcdc664c65fcaa5ea5ddf412 |
| SHA1 | b59eb8c130827e1b6fb31b467794cc736cfa5482 |
| SHA256 | 5ba70f10b73c0ea4e2c7faa3f2113cc3c38780177bbf3e4b4a6c746e44cad195 |
| SHA512 | 68fa25813b7bb9cc344bd2abb34be7b08238df755ace6c326da3f41074843579abf8c5b9354881078d91f0b5a9190f0b267653741dc66c0396d4b866c8142932 |
C:\Users\Admin\Downloads\LBLeak\Build\DECRYPTION_ID.txt
| MD5 | 52401cf56af0c10bbb574f2bb71c4896 |
| SHA1 | cda309d94662f383b4dcd78313bbe75cad4821ac |
| SHA256 | e98a77f6da2a9aa06b9bf3560c9f55ae2668c74c1e808587b7ab84f3a37da06e |
| SHA512 | c9776f98ad85f3201c7c30beb0a080ff2390a9810e4449150a265631bd9fd6bc0163d6a0693596a55f6a0a1070332dcecc9207dad3629a6b73337c39f845b520 |
C:\Users\Admin\Downloads\LBLeak\Build\priv.key
| MD5 | 4e72c135389532bb8b4a6e368347ad6f |
| SHA1 | 9c82b6d8b4ad027edcc1bb281ab5775cb52ef8c8 |
| SHA256 | 198d3f18419fab0fc4af3d6b7bad8233b3e9f1d197479474dd2975475a18e820 |
| SHA512 | 041ac89fa6a0566aa34223c085928f2b281503a64235054da7d210d5868540565bd150a15649c61ee7c7bd2100340d125cb22b24f95be819c5a8178dfb0d4739 |
C:\Users\Admin\Downloads\LBLeak\Build\pub.key
| MD5 | f4047c27f4b53e6b5aa334c3525893c8 |
| SHA1 | 7cedf27baf56a2b63f35166e9254b6c82d24af09 |
| SHA256 | 7a6fd648ef6cefd4ac838373b5e4863796b00bbdca48c68c25f3ccda69eda977 |
| SHA512 | 78ed0c42f021c2a27ef549ac20bfe7f011d6ca7cdda06c910a6452a2239806e6b0ee3fa7a62826083d5c57dc85d8e4b84dfaabc83076013041a48bc29f912064 |