Malware Analysis Report

2025-03-15 08:28

Sample ID 250214-yq1deaxnhp
Target LBLeak.zip
SHA256 744214bbe4ab445a2778cc66eb4a8a5b64673b245cfbf3500e14ed70f5906ef1
Tags discovery lockbit blackmatter ransomware
Score 10/10

Analysis Overview

score
10/10

SHA256

744214bbe4ab445a2778cc66eb4a8a5b64673b245cfbf3500e14ed70f5906ef1

Threat Level: Known bad

The file LBLeak.zip was found to be: Known bad.

Malicious Activity Summary

discovery lockbit blackmatter ransomware

Lockbit family

Blackmatter family

Rule to detect Lockbit 3.0 ransomware Windows payload

Lockbit

Downloads MZ/PE file

Browser Information Discovery

Unsigned PE

System Network Configuration Discovery: Internet Connection Discovery

System Location Discovery: System Language Discovery

Suspicious use of AdjustPrivilegeToken

Checks processor information in registry

Suspicious use of SendNotifyMessage

NTFS ADS

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Modifies registry class

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-02-14 20:00

Signatures

Blackmatter family

blackmatter

Lockbit family

lockbit

Rule to detect Lockbit 3.0 ransomware Windows payload

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2025-02-14 20:00

Reported

2025-02-14 20:02

Platform

win10ltsc2021-20250207-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe"

Signatures

Downloads MZ/PE file

Description Indicator Process Target
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

System Network Configuration Discovery: Internet Connection Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe

"C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [encoded payload omitted]

Network

Country Destination Domain Proto
US 8.8.8.8:53 fd.api.iris.microsoft.com udp
IE 20.223.35.26:443 fd.api.iris.microsoft.com tcp
US 8.8.8.8:53 msedge.api.cdp.microsoft.com udp
NL 4.175.87.113:443 msedge.api.cdp.microsoft.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 199.232.210.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2025-02-14 20:00

Reported

2025-02-14 20:02

Platform

win10ltsc2021-20250211-en

Max time kernel

149s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\LBLeak\keygen.exe"

Signatures

Downloads MZ/PE file

Description Indicator Process Target
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\LBLeak\keygen.exe N/A

System Network Configuration Discovery: Internet Connection Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\LBLeak\keygen.exe

"C:\Users\Admin\AppData\Local\Temp\LBLeak\keygen.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [encoded payload omitted]

Network

Country Destination Domain Proto
US 8.8.8.8:53 msedge.api.cdp.microsoft.com udp
US 4.155.164.36:443 msedge.api.cdp.microsoft.com tcp
US 8.8.8.8:53 fd.api.iris.microsoft.com udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
NL 92.122.101.19:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-02-14 20:00

Reported

2025-02-14 20:02

Platform

win10ltsc2021-20250211-en

Max time kernel

149s

Max time network

151s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\LBLeak\Build.bat"

Signatures

Lockbit

ransomware lockbit

Lockbit family

lockbit

Rule to detect Lockbit 3.0 ransomware Windows payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Downloads MZ/PE file

Description Indicator Process Target
N/A N/A N/A N/A

Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\LBLeak\builder.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\LBLeak\keygen.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\LBLeak\keygen.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

System Network Configuration Discovery: Internet Connection Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2460122153-424179005-3852593011-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\LBLeak.zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 564 wrote to memory of 3052 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\LBLeak\keygen.exe
PID 564 wrote to memory of 3800 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe
PID 564 wrote to memory of 4296 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe
PID 564 wrote to memory of 332 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe
PID 564 wrote to memory of 4900 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe
PID 564 wrote to memory of 1620 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe
PID 564 wrote to memory of 4644 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe
PID 1044 wrote to memory of 5108 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5108 wrote to memory of 2060 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\LBLeak\Build.bat"

C:\Users\Admin\AppData\Local\Temp\LBLeak\keygen.exe

keygen -path C:\Users\Admin\AppData\Local\Temp\LBLeak\Build -pubkey pub.key -privkey priv.key

C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe

builder -type dec -privkey C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\priv.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\LB3Decryptor.exe

C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe

builder -type enc -exe -pubkey C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\LB3.exe

C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe

builder -type enc -exe -pass -pubkey C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\LB3_pass.exe

C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe

builder -type enc -dll -pubkey C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\LB3_Rundll32.dll

C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe

builder -type enc -dll -pass -pubkey C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\LB3_Rundll32_pass.dll

C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe

builder -type enc -ref -pubkey C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\LB3_ReflectiveDll_DllMain.dll

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2008 -parentBuildID 20240401114208 -prefsHandle 1936 -prefMapHandle 1928 -prefsLen 27346 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b444a3ae-3ea9-4f90-aceb-1bd63045a4a3} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2428 -parentBuildID 20240401114208 -prefsHandle 2420 -prefMapHandle 2416 -prefsLen 27224 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c92488ea-b771-4d89-89d0-4fee8dbf6b11} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3180 -childID 1 -isForBrowser -prefsHandle 3156 -prefMapHandle 3004 -prefsLen 22636 -prefMapSize 244628 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {77f148b9-ae14-4a7d-a66c-237aa614d67b} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4216 -childID 2 -isForBrowser -prefsHandle 4208 -prefMapHandle 4204 -prefsLen 32598 -prefMapSize 244628 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {05430631-77f0-4fc0-8008-267dea3c1571} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4752 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4848 -prefMapHandle 4844 -prefsLen 32598 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae6dce87-582f-427d-868f-1464a6afa60d} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5268 -childID 3 -isForBrowser -prefsHandle 5224 -prefMapHandle 5252 -prefsLen 27035 -prefMapSize 244628 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ea5acf0-dd74-4c6d-9a99-c0e9525ae6d6} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5500 -childID 4 -isForBrowser -prefsHandle 5224 -prefMapHandle 5252 -prefsLen 27035 -prefMapSize 244628 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {538f5db6-d101-44d0-b99c-7769f1c985a5} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5644 -childID 5 -isForBrowser -prefsHandle 5652 -prefMapHandle 5656 -prefsLen 27035 -prefMapSize 244628 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d24754f-7670-4bcb-a465-3749721c68ab} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5024 -childID 6 -isForBrowser -prefsHandle 4936 -prefMapHandle 4820 -prefsLen 27114 -prefMapSize 244628 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bbfb7f33-dcb2-4df6-b0f7-0d6cb09b29e4} 5108 "\\.\pipe\gecko-crash-server-pipe.5108" tab

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [encoded payload omitted]

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\LBLeak\Build.bat" "

C:\Users\Admin\Downloads\LBLeak\keygen.exe

keygen -path C:\Users\Admin\Downloads\LBLeak\Build -pubkey pub.key -privkey priv.key

C:\Users\Admin\Downloads\LBLeak\builder.exe

builder -type dec -privkey C:\Users\Admin\Downloads\LBLeak\Build\priv.key -config config.json -ofile C:\Users\Admin\Downloads\LBLeak\Build\LB3Decryptor.exe

C:\Users\Admin\Downloads\LBLeak\builder.exe

builder -type enc -exe -pubkey C:\Users\Admin\Downloads\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\Downloads\LBLeak\Build\LB3.exe

C:\Users\Admin\Downloads\LBLeak\builder.exe

builder -type enc -exe -pass -pubkey C:\Users\Admin\Downloads\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\Downloads\LBLeak\Build\LB3_pass.exe

C:\Users\Admin\Downloads\LBLeak\builder.exe

builder -type enc -dll -pubkey C:\Users\Admin\Downloads\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\Downloads\LBLeak\Build\LB3_Rundll32.dll

C:\Users\Admin\Downloads\LBLeak\builder.exe

builder -type enc -dll -pass -pubkey C:\Users\Admin\Downloads\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\Downloads\LBLeak\Build\LB3_Rundll32_pass.dll

C:\Users\Admin\Downloads\LBLeak\builder.exe

builder -type enc -ref -pubkey C:\Users\Admin\Downloads\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\Downloads\LBLeak\Build\LB3_ReflectiveDll_DllMain.dll

C:\Users\Admin\Downloads\LBLeak\builder.exe

"C:\Users\Admin\Downloads\LBLeak\builder.exe"

C:\Users\Admin\Downloads\LBLeak\builder.exe

"C:\Users\Admin\Downloads\LBLeak\builder.exe"

C:\Users\Admin\Downloads\LBLeak\builder.exe

"C:\Users\Admin\Downloads\LBLeak\builder.exe"

C:\Users\Admin\Downloads\LBLeak\keygen.exe

"C:\Users\Admin\Downloads\LBLeak\keygen.exe"

C:\Users\Admin\Downloads\LBLeak\keygen.exe

"C:\Users\Admin\Downloads\LBLeak\keygen.exe"

C:\Users\Admin\Downloads\LBLeak\keygen.exe

"C:\Users\Admin\Downloads\LBLeak\keygen.exe"

C:\Users\Admin\Downloads\LBLeak\keygen.exe

"C:\Users\Admin\Downloads\LBLeak\keygen.exe"

C:\Users\Admin\Downloads\LBLeak\builder.exe

"C:\Users\Admin\Downloads\LBLeak\builder.exe"

C:\Users\Admin\Downloads\LBLeak\builder.exe

"C:\Users\Admin\Downloads\LBLeak\builder.exe"

C:\Users\Admin\Downloads\LBLeak\builder.exe

"C:\Users\Admin\Downloads\LBLeak\builder.exe"

C:\Users\Admin\Downloads\LBLeak\builder.exe

"C:\Users\Admin\Downloads\LBLeak\builder.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Downloads\LBLeak\Build.bat"

C:\Users\Admin\Downloads\LBLeak\keygen.exe

keygen -path C:\Users\Admin\Downloads\LBLeak\Build -pubkey pub.key -privkey priv.key

C:\Users\Admin\Downloads\LBLeak\builder.exe

builder -type dec -privkey C:\Users\Admin\Downloads\LBLeak\Build\priv.key -config config.json -ofile C:\Users\Admin\Downloads\LBLeak\Build\LB3Decryptor.exe

C:\Users\Admin\Downloads\LBLeak\builder.exe

builder -type enc -exe -pubkey C:\Users\Admin\Downloads\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\Downloads\LBLeak\Build\LB3.exe

C:\Users\Admin\Downloads\LBLeak\builder.exe

builder -type enc -exe -pass -pubkey C:\Users\Admin\Downloads\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\Downloads\LBLeak\Build\LB3_pass.exe

C:\Users\Admin\Downloads\LBLeak\builder.exe

builder -type enc -dll -pubkey C:\Users\Admin\Downloads\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\Downloads\LBLeak\Build\LB3_Rundll32.dll

C:\Users\Admin\Downloads\LBLeak\builder.exe

builder -type enc -dll -pass -pubkey C:\Users\Admin\Downloads\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\Downloads\LBLeak\Build\LB3_Rundll32_pass.dll

C:\Users\Admin\Downloads\LBLeak\builder.exe

builder -type enc -ref -pubkey C:\Users\Admin\Downloads\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\Downloads\LBLeak\Build\LB3_ReflectiveDll_DllMain.dll

Network

Country Destination Domain Proto
US 8.8.8.8:53 msedge.api.cdp.microsoft.com udp
US 172.169.87.222:443 msedge.api.cdp.microsoft.com tcp
GB 74.125.168.232:443 r3.sn-aigzrnsl.gvt1.com tcp
GB 74.125.168.232:443 r3.sn-aigzrnsl.gvt1.com udp
US 8.8.8.8:53 r3.sn-aigzrnsl.gvt1.com udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
NL 92.122.101.40:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\priv.key


C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\pub.key


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gscu8qjs.default-release\activity-stream.discovery_stream.json.tmp


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gscu8qjs.default-release\datareporting\glean\pending_pings\8ebcc427-0e64-4658-92c8-2a71d4163ea0


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gscu8qjs.default-release\datareporting\glean\pending_pings\0a21b1dc-fe22-465b-a9b9-0a9153f0f82b


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gscu8qjs.default-release\datareporting\glean\pending_pings\561e7309-3f00-4f97-9349-1764dff6f05f


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gscu8qjs.default-release\datareporting\glean\db\data.safe.tmp


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gscu8qjs.default-release\datareporting\glean\db\data.safe.tmp


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gscu8qjs.default-release\datareporting\glean\db\data.safe.tmp


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gscu8qjs.default-release\prefs.js


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gscu8qjs.default-release\prefs.js


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gscu8qjs.default-release\sessionstore-backups\recovery.baklz4


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gscu8qjs.default-release\datareporting\glean\db\data.safe.tmp


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gscu8qjs.default-release\prefs.js


C:\Users\Admin\AppData\Local\Temp\tmpaddon


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gscu8qjs.default-release\sessionstore-backups\recovery.baklz4


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gscu8qjs.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gscu8qjs.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gscu8qjs.default-release\prefs-1.js


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gscu8qjs.default-release\AlternateServices.bin


C:\Users\Admin\Downloads\LBLeak.tJqM2PiN.zip.part


C:\Users\Admin\AppData\Local\Temp\tmpaddon-1


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gscu8qjs.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gscu8qjs.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gscu8qjs.default-release\sessionstore-backups\recovery.baklz4


C:\Users\Admin\Downloads\LBLeak\Build\priv.key


C:\Users\Admin\Downloads\LBLeak\Build\pub.key


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gscu8qjs.default-release\sessionstore-backups\recovery.baklz4


C:\Users\Admin\Downloads\LBLeak\Build\Password_dll.txt


C:\Users\Admin\Downloads\LBLeak\Build\Password_exe.txt


C:\Users\Admin\Downloads\LBLeak\Build\LB3_Rundll32_pass.dll


C:\Users\Admin\Downloads\LBLeak\Build\LB3_Rundll32.dll


C:\Users\Admin\Downloads\LBLeak\Build\LB3_ReflectiveDll_DllMain.dll


C:\Users\Admin\Downloads\LBLeak\Build\LB3_pass.exe


C:\Users\Admin\Downloads\LBLeak\Build\LB3Decryptor.exe


C:\Users\Admin\Downloads\LBLeak\Build\LB3.exe


C:\Users\Admin\Downloads\LBLeak\Build\DECRYPTION_ID.txt


C:\Users\Admin\Downloads\LBLeak\Build\priv.key


C:\Users\Admin\Downloads\LBLeak\Build\pub.key
