Malware Analysis Report

2024-10-16 03:22

Sample ID 220921-sfwpkscbcq
Target https://github.com/3xp0rt/LockBit-Black-Builder
Tags
blackmatter ransomware spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://github.com/3xp0rt/LockBit-Black-Builder was found to be: Known bad.

Malicious Activity Summary

blackmatter ransomware spyware stealer

BlackMatter Ransomware

Modifies extensions of user files

Executes dropped EXE

Reads user/profile data of web browsers

Checks computer location settings

Drops desktop.ini file(s)

Sets desktop wallpaper using registry

Suspicious use of NtSetInformationThreadHideFromDebugger

Enumerates physical storage devices

Program crash

Modifies Control Panel

Opens file in notepad (likely ransom note)

Suspicious use of SetWindowsHookEx

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Modifies data under HKEY_USERS

Enumerates system info in registry

Suspicious behavior: AddClipboardFormatListener

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Modifies registry class

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2022-09-21 15:04

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2022-09-21 15:04

Reported

2022-09-21 15:13

Platform

win10v2004-20220812-it

Max time kernel

508s

Max time network

515s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://github.com/3xp0rt/LockBit-Black-Builder

Signatures

BlackMatter Ransomware

ransomware blackmatter

Modifies extensions of user files

ransomware
Description | Indicator | Process | Target
File renamed | C:\Users\Admin\Pictures\HideLock.tif => C:\Users\Admin\Pictures\HideLock.tif.7MndmOidL | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A
File opened for modification | C:\Users\Admin\Pictures\SendSave.raw.7MndmOidL | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A
File opened for modification | C:\Users\Admin\Pictures\ConvertLimit.png.7MndmOidL | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A
File opened for modification | C:\Users\Admin\Pictures\HideLock.tif.7MndmOidL | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A
File renamed | C:\Users\Admin\Pictures\SendSave.raw => C:\Users\Admin\Pictures\SendSave.raw.7MndmOidL | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A
File opened for modification | C:\Users\Admin\Pictures\ConvertLimit.png.7MndmOidL | C:\Users\Admin\Desktop\LockBit30\Build\LB3Decryptor.exe | N/A
File opened for modification | C:\Users\Admin\Pictures\HideLock.tif.7MndmOidL | C:\Users\Admin\Desktop\LockBit30\Build\LB3Decryptor.exe | N/A
File opened for modification | C:\Users\Admin\Pictures\SendSave.raw.7MndmOidL | C:\Users\Admin\Desktop\LockBit30\Build\LB3Decryptor.exe | N/A
File renamed | C:\Users\Admin\Pictures\ConvertLimit.png => C:\Users\Admin\Pictures\ConvertLimit.png.7MndmOidL | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A

Checks computer location settings

Description | Indicator | Process | Target
Key value queried | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation | C:\ProgramData\853F.tmp | N/A

Reads user/profile data of web browsers

spyware stealer

Drops desktop.ini file(s)

Description | Indicator | Process | Target
File opened for modification | C:\$Recycle.Bin\S-1-5-21-2891029575-1462575-1165213807-1000\desktop.ini | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A

Sets desktop wallpaper using registry

ransomware
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\Desktop\WallPaper = "C:\\ProgramData\\7MndmOidL.bmp" | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\Desktop\Wallpaper = "C:\\ProgramData\\7MndmOidL.bmp" | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\Desktop\WallPaper | C:\Users\Admin\Desktop\LockBit30\Build\LB3Decryptor.exe | N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description | Indicator | Process | Target
N/A | N/A | C:\ProgramData\853F.tmp | N/A

Enumerates physical storage devices

Program crash

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Desktop\LockBit30\Build\LB3_pass.exe

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies Control Panel

evasion
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\Desktop\WallpaperStyle = "10" | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\Desktop | C:\Users\Admin\Desktop\LockBit30\Build\LB3Decryptor.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\Desktop | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "182" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.7MndmOidL | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.7MndmOidL\ = "7MndmOidL" | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\7MndmOidL\DefaultIcon | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\7MndmOidL | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\7MndmOidL\DefaultIcon\ = "C:\\ProgramData\\7MndmOidL.ico" | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A
Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\7MNDMOIDL\DEFAULTICON | C:\Users\Admin\Desktop\LockBit30\Build\LB3Decryptor.exe | N/A
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\7MndmOidL | C:\Users\Admin\Desktop\LockBit30\Build\LB3Decryptor.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\.7MndmOidL | C:\Users\Admin\Desktop\LockBit30\Build\LB3Decryptor.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Opens file in notepad (likely ransom note)

ransomware
Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A (7 identical rows)

Suspicious behavior: AddClipboardFormatListener

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A (16 identical rows)
N/A | N/A | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A (48 identical rows)

Suspicious behavior: GetForegroundWindowSpam

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A
N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A (3 identical rows)

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A (2 identical rows)
Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A
Token: SeBackupPrivilege | N/A | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A
Token: 36 | N/A | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A
Token: SeImpersonatePrivilege | N/A | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A
Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A
Token: SeIncreaseQuotaPrivilege | N/A | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A
Token: 33 | N/A | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A
Token: SeManageVolumePrivilege | N/A | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A
Token: SeProfSingleProcessPrivilege | N/A | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A
Token: SeSystemProfilePrivilege | N/A | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A
Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A
Token: SeBackupPrivilege | N/A | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A (2 identical rows)
Token: SeSecurityPrivilege | N/A | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A (2 identical rows)
(The preceding four-row pattern, two SeBackupPrivilege rows followed by two SeSecurityPrivilege rows for LB3.exe, appears 11 times in total: 44 rows.)

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A (34 identical rows)
N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A (9 identical rows)
N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A (4 identical rows)

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A (32 identical rows)
N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A (3 identical rows)

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 2896 wrote to memory of 4972 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe (2 identical rows)
PID 2896 wrote to memory of 1080 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe (40 identical rows)
PID 2896 wrote to memory of 3816 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe (2 identical rows)
PID 2896 wrote to memory of 2280 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe (18 identical rows)
PID 2896 wrote to memory of 2280 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 2280 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://github.com/3xp0rt/LockBit-Black-Builder

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffedf234f50,0x7ffedf234f60,0x7ffedf234f70

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1664,17552512017415052144,4770756426805288862,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1680 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1664,17552512017415052144,4770756426805288862,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1996 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1664,17552512017415052144,4770756426805288862,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2328 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1664,17552512017415052144,4770756426805288862,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3048 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1664,17552512017415052144,4770756426805288862,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3008 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1664,17552512017415052144,4770756426805288862,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4260 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1664,17552512017415052144,4770756426805288862,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4904 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1664,17552512017415052144,4770756426805288862,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1664,17552512017415052144,4770756426805288862,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5384 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1664,17552512017415052144,4770756426805288862,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4420 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1664,17552512017415052144,4770756426805288862,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5476 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1664,17552512017415052144,4770756426805288862,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4552 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1664,17552512017415052144,4770756426805288862,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4528 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1664,17552512017415052144,4770756426805288862,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4316 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1664,17552512017415052144,4770756426805288862,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1664,17552512017415052144,4770756426805288862,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4428 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1664,17552512017415052144,4770756426805288862,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\LockBit30\" -spe -an -ai#7zMap9867:74:7zEvent16933

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1664,17552512017415052144,4770756426805288862,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4236 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1664,17552512017415052144,4770756426805288862,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\LockBit30\Build.bat" "

C:\Users\Admin\Desktop\LockBit30\keygen.exe

keygen -path C:\Users\Admin\Desktop\LockBit30\Build -pubkey pub.key -privkey priv.key

C:\Users\Admin\Desktop\LockBit30\builder.exe

builder -type dec -privkey C:\Users\Admin\Desktop\LockBit30\Build\priv.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit30\Build\LB3Decryptor.exe

C:\Users\Admin\Desktop\LockBit30\builder.exe

builder -type enc -exe -pubkey C:\Users\Admin\Desktop\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe

C:\Users\Admin\Desktop\LockBit30\builder.exe

builder -type enc -exe -pass -pubkey C:\Users\Admin\Desktop\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit30\Build\LB3_pass.exe

C:\Users\Admin\Desktop\LockBit30\builder.exe

builder -type enc -dll -pubkey C:\Users\Admin\Desktop\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit30\Build\LB3_Rundll32.dll

C:\Users\Admin\Desktop\LockBit30\builder.exe

builder -type enc -dll -pass -pubkey C:\Users\Admin\Desktop\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit30\Build\LB3_Rundll32_pass.dll

C:\Users\Admin\Desktop\LockBit30\builder.exe

builder -type enc -ref -pubkey C:\Users\Admin\Desktop\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit30\Build\LB3_ReflectiveDll_DllMain.dll

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\LockBit30\Build\DECRYPTION_ID.txt

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\LockBit30\Build\Password_dll.txt

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\LockBit30\Build\Password_exe.txt

C:\Users\Admin\Desktop\LockBit30\Build\LB3_pass.exe

"C:\Users\Admin\Desktop\LockBit30\Build\LB3_pass.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 1436 -ip 1436

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 280

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\LockBit30\Build\Password_exe.txt

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\LockBit30\Build\pub.key

C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe

"C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe"

C:\ProgramData\853F.tmp

"C:\ProgramData\853F.tmp"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\853F.tmp >> NUL

C:\Users\Admin\Desktop\LockBit30\Build\LB3Decryptor.exe

"C:\Users\Admin\Desktop\LockBit30\Build\LB3Decryptor.exe"

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\SaveComplete.txt

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\SuspendExport.m4v"

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\RestartBackup.css

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa38d5855 /state1:0x41c64e6d

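Read in order, the command lines above are one run of the kit's Build.bat: keygen writes pub.key and priv.key, builder derives LB3Decryptor.exe from priv.key and the encryptor variants (LB3.exe, LB3_pass.exe, LB3_Rundll32.dll, LB3_Rundll32_pass.dll, LB3_ReflectiveDll_DllMain.dll) from pub.key and config.json, the generated DECRYPTION_ID and password files are opened in Notepad, LB3_pass.exe is started and is the process WerFault handles as PID 1436 (the same PID as the memory/1436-159 dump under Files), then LB3.exe runs, drops C:\ProgramData\853F.tmp and removes it with cmd /C DEL. The script below tags each command line with the stage it belongs to. It is an added example by the editor, not part of the sandbox report or of the LockBit-Black-Builder repository; the command lines are transcribed from the report, the tag names and regexes are this example's own heuristics, and the "\Build\" directory in them is specific to this detonation.

```python
"""Tag the command lines from the Processes section into the stages of the
LockBit 3.0 builder run and the payload executions that follow it.

Added example: editor's illustration, not part of the sandbox report or of
the LockBit-Black-Builder repository.  PROCESSES is transcribed from the
report; the rules are heuristics written for this page.
"""
import re

# Transcribed from the Processes section (Chrome helpers omitted except one,
# kept as a control that must stay untagged).
PROCESSES = [
    r'C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\LockBit30\Build.bat" "',
    r'keygen -path C:\Users\Admin\Desktop\LockBit30\Build -pubkey pub.key -privkey priv.key',
    r'builder -type dec -privkey C:\Users\Admin\Desktop\LockBit30\Build\priv.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit30\Build\LB3Decryptor.exe',
    r'builder -type enc -exe -pass -pubkey C:\Users\Admin\Desktop\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit30\Build\LB3_pass.exe',
    r'builder -type enc -ref -pubkey C:\Users\Admin\Desktop\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit30\Build\LB3_ReflectiveDll_DllMain.dll',
    r'"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\LockBit30\Build\DECRYPTION_ID.txt',
    r'"C:\Users\Admin\Desktop\LockBit30\Build\LB3_pass.exe"',
    r'C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 280',
    r'"C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe"',
    r'"C:\ProgramData\853F.tmp"',
    r'"C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\853F.tmp >> NUL',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US',
]

# (tag, regex): each rule matches one step that is visible in the report.
# Rule order is the order tags are reported in.
RULES = [
    ("builder-batch",          re.compile(r'cmd\.exe\s+/c\s+"*.*\\Build\.bat', re.I)),
    ("builder-keygen",         re.compile(r'(^|\\|\s)keygen(\.exe)?\s.*-pubkey\s.*-privkey\s', re.I)),
    ("builder-decryptor",      re.compile(r'(^|\\|\s)builder(\.exe)?\s.*-type\s+dec\b', re.I)),
    ("builder-encryptor",      re.compile(r'(^|\\|\s)builder(\.exe)?\s.*-type\s+enc\b', re.I)),
    ("notepad-build-artifact", re.compile(r'NOTEPAD\.EXE"?\s+.*\\Build\\(DECRYPTION_ID|Password_\w+)\.txt', re.I)),
    # Anchored to a drive letter so a builder "-ofile ...LB3.exe" line does not match.
    ("build-output-exec",      re.compile(r'^"?[A-Z]:\\.*\\Build\\LB3\w*\.exe"?$', re.I)),
    ("werfault-crash",         re.compile(r'WerFault\.exe\s.*-p\s+(\d+)', re.I)),
    ("tmp-from-programdata",   re.compile(r'^"?C:\\ProgramData\\[0-9A-F]{4}\.tmp"?$', re.I)),
    ("self-delete-tmp",        re.compile(r'cmd\.exe"?\s+/C\s+DEL\s+/F\s+/Q\s+C:\\PROGRA~3\\[0-9A-F]{4}\.tmp', re.I)),
]


def tag(cmdline):
    """Names of every rule that matches one command line (empty list = untagged)."""
    return [name for name, rx in RULES if rx.search(cmdline)]


def stages(cmdlines):
    """Tags in order of first appearance: the build-and-run chain as the sandbox saw it."""
    seen = []
    for c in cmdlines:
        for t in tag(c):
            if t not in seen:
                seen.append(t)
    return seen


def crashed_pids(cmdlines):
    """PIDs handed to WerFault; cross-check them against memory/<pid>-... dumps under Files."""
    rx = dict(RULES)["werfault-crash"]
    return sorted({int(m.group(1)) for c in cmdlines if (m := rx.search(c))})


if __name__ == "__main__":
    for c in PROCESSES:
        print(f"{str(tag(c) or ['-']):32} {c[:70]}")
    print("chain:", " -> ".join(stages(PROCESSES)))
    print("crashed:", crashed_pids(PROCESSES))
```

The control line (a Chrome renderer) stays untagged; the two executions from the Build directory are tagged the same way whether they are the encryptor or the decryptor, so the tag marks "kit output was run", not "files were encrypted". The report itself does not say why PID 1436 crashed.
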
Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 github.com udp
NL 172.217.168.237:443 accounts.google.com tcp
NL 142.250.179.174:443 clients2.google.com tcp
US 140.82.113.4:443 github.com tcp
US 140.82.113.4:443 github.com tcp
US 8.8.8.8:53 edgedl.me.gvt1.com udp
US 34.104.35.123:80 edgedl.me.gvt1.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
NL 142.251.36.10:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 collector.github.com udp
US 140.82.113.21:443 collector.github.com tcp
US 8.8.8.8:53 api.github.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 140.82.112.5:443 api.github.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google udp
US 140.82.114.10:443 codeload.github.com tcp
NL 142.250.179.131:443 ssl.gstatic.com tcp
FR 51.11.192.48:443 tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google udp
NL 142.251.39.110:443 sb-ssl.google.com tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google udp
NL 142.250.179.195:443 update.googleapis.com tcp
US 209.197.3.8:80 tcp
US 8.8.8.8:53 edgedl.me.gvt1.com udp
US 34.104.35.123:80 edgedl.me.gvt1.com tcp
US 93.184.220.29:80 tcp
US 204.79.197.200:443 tcp
US 131.253.33.200:443 www.bing.com tcp
US 8.8.8.8:53 2472c6a0cb25f666543377fa4eabf8c1.clo.footprintdns.com udp
CH 20.199.196.24:443 2472c6a0cb25f666543377fa4eabf8c1.clo.footprintdns.com tcp
US 204.79.197.200:443 www.bing.com tcp
US 204.79.197.200:443 www.bing.com tcp
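The table above does not attribute connections to processes, and every labelled destination is Google, GitHub or Microsoft infrastructure consistent with the detonation being a Chrome visit to github.com. The rows that carry no domain are the ones to check in the pcap before treating them as indicators, and one of them (204.79.197.200) is labelled www.bing.com by a later row. The script below pairs each destination IP with the domain the table gives it and surfaces the IPs no row labels. It is an added example, not part of the sandbox report; ROWS is a subset transcribed from the table (the full table parses the same way) and the noise rules are this example's own.

```python
"""Pair the Network table's rows so every destination IP is either tied to
the domain the table names for it or surfaced as unlabelled.

Added example, not part of the sandbox report.  ROWS is transcribed from the
Network section above (a subset); the noise rules are this example's own.
"""
import ipaddress
from collections import defaultdict

ROWS = """\
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 github.com udp
US 140.82.113.4:443 github.com tcp
NL 142.250.179.174:443 clients2.google.com tcp
FR 51.11.192.48:443 tcp
US 209.197.3.8:80 tcp
US 93.184.220.29:80 tcp
US 204.79.197.200:443 tcp
US 131.253.33.200:443 www.bing.com tcp
US 204.79.197.200:443 www.bing.com tcp
US 8.8.4.4:443 dns.google tcp
""".splitlines()


def parse_row(line):
    """One table row -> (country, ip, port, domain or None, proto)."""
    parts = line.split()
    if len(parts) == 4:
        country, dest, domain, proto = parts
    elif len(parts) == 3:
        (country, dest, proto), domain = parts, None
    else:
        raise ValueError(f"unexpected row: {line!r}")
    ip, port = dest.rsplit(":", 1)
    return country, ip, int(port), domain, proto


def is_resolver_noise(ip, port):
    """mDNS multicast and the sandbox's resolver (plain DNS on 53, DoH to 8.8.4.4:443)."""
    return (ip == "224.0.0.251" and port == 5353) or ip in ("8.8.8.8", "8.8.4.4")


def triage(rows):
    """Return ({domain: [ips]}, [ips that no row in the table labels])."""
    labelled, seen = defaultdict(set), set()
    for line in rows:
        _, ip, port, domain, _ = parse_row(line)
        if is_resolver_noise(ip, port):
            continue
        seen.add(ip)
        if domain:
            labelled[domain].add(ip)
    known = set().union(*labelled.values())
    unlabelled = sorted(seen - known, key=ipaddress.ip_address)
    return ({d: sorted(ips, key=ipaddress.ip_address) for d, ips in labelled.items()},
            unlabelled)


if __name__ == "__main__":
    mapping, unlabelled = triage(ROWS)
    for domain, ips in sorted(mapping.items()):
        print(f"{domain:28} {', '.join(ips)}")
    print("verify in pcap before use as IOC:", unlabelled)
```

On the subset, three IPs remain unlabelled (51.11.192.48, 93.184.220.29, 209.197.3.8); the page gives no domain for them and this example does not guess one.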

Files

\??\pipe\crashpad_2896_JQWAIHVZOXEUVWHU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

(The digests on the two entries above are those of zero-length input: the crashpad pipe and the Caches directory had no content to hash, so neither entry is usable as a file indicator.)

C:\Users\Admin\Desktop\LockBit30\Build.bat

MD5 4e46e28b2e61643f6af70a8b19e5cb1f
SHA1 804a1d0c4a280b18e778e4b97f85562fa6d5a4e6
SHA256 8e83a1727696ced618289f79674b97305d88beeeabf46bd25fc77ac53c1ae339
SHA512 009b17b515ff0ea612e54d8751eef07f1e2b54db07e6cd69a95e7adf775f3c79a0ea91bff2fe593f2314807fdc00c75d80f1807b7dbe90f0fcf94607e675047b

memory/4620-135-0x0000000000000000-mapping.dmp

C:\Users\Admin\Desktop\LockBit30\keygen.exe

MD5 71c3b2f765b04d0b7ea0328f6ce0c4e2
SHA1 bf8ecb6519f16a4838ceb0a49097bcc3ef30f3c4
SHA256 ea6d4dedd8c85e4a6bb60408a0dc1d56def1f4ad4f069c730dc5431b1c23da37
SHA512 1923db134d7cee25389a07e4d48894dde7ee8f70d008cd890dd34a03b2741a54ec1555e6821755e5af8eae377ef5005e3f9afceb4681059bc1880276e9bcf035

memory/2772-138-0x0000000000000000-mapping.dmp

C:\Users\Admin\Desktop\LockBit30\builder.exe

MD5 c2bc344f6dde0573ea9acdfb6698bf4c
SHA1 d6ae7dc2462c8c35c4a074b0a62f07cfef873c77
SHA256 a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db
SHA512 d60cf86c0267cd4e88d21768665bbb43f3048dace1e0013b2361c5bfabf2656ff6215dfb75b6932e09545473305b4f707c069721cdde317b1df1709cd9fc61c0

C:\Users\Admin\Desktop\LockBit30\config.json

MD5 a6ba7b662de10b45ebe5b6b7edaa62a9
SHA1 f3ed67bdaef070cd5a213b89d53c5b8022d6f266
SHA256 3f7518d88aefd4b1e0a1d6f9748f9a9960c1271d679600e34f5065d8df8c9dc8
SHA512 7fc9d4d61742a26def74c7dd86838482e3fc1e4e065cb3a06ae151e2c8614c9c36e8816ae0a3560ad5dd3cc02be131cb232c7deacc7f7b5a611e8eec790feea1

C:\Users\Admin\Desktop\LockBit30\Build\priv.key

MD5 52696bd99131f7082457051d9f442524
SHA1 fb0142a0e88b748ce56ca05a5968eb5182e45feb
SHA256 9473748830c66724655bcc0e8feb6f92d7b1569e7a2c375b934af5cb1350576a
SHA512 16612e1989a15e9dc5066bd4ef9a22a612bf927a604db6014f46620761388c3dd295b42d4528eeca3f2efe7e3458b208d3aa56bbd4317e0958608cbe96087380

memory/3952-143-0x0000000000000000-mapping.dmp

C:\Users\Admin\Desktop\LockBit30\Build\pub.key

MD5 e86a924d3ee87a3394cd7a5586b8698b
SHA1 2a0e35bb929a7142be57c4c78a20630edddb8c78
SHA256 612af64d4e0afa6cd917f0778028a945043daae732200f2b5aab136ec79c07aa
SHA512 9b9ee6178e966412240784dad1d624bfd03fb298a3f06490f99716cd1d6eee355906e631dd23603f97b19a68a8888b322f01b1475644a80cdb581ae38dbcd53a

memory/4044-146-0x0000000000000000-mapping.dmp

memory/2368-148-0x0000000000000000-mapping.dmp

memory/4720-150-0x0000000000000000-mapping.dmp

memory/4352-152-0x0000000000000000-mapping.dmp

C:\Users\Admin\Desktop\LockBit30\Build\DECRYPTION_ID.txt

MD5 df882b5d8d6bb9a10eef0489b19ab8f0
SHA1 bd23d8d8effce7ede9be86b8672d843520cd51d0
SHA256 767c1443950e9c293eb98411faa9cffd043e0115c050572e5c3838eda05f4b34
SHA512 2951a368b9bdeb81a2492a40d2abd49f32dbbdb9f1950a6038c0796342b2d05029200eb3ca9557321db9731f9a51931499263f3788aa5ed93f3d176da247858b

C:\Users\Admin\Desktop\LockBit30\Build\Password_dll.txt

MD5 b0cc1e3eafa3176bf20c304035fd30f3
SHA1 5294064911b8bec791438b2ac2c9ba15acb87f11
SHA256 c4f7358e9d412f164fe1ab18f6f6e428a7dd33edb7072e06f2e6de739c23acf2
SHA512 ce715da927e84f5893ae203d597aa931cfb40a68e536fc89ca97f15bbea5408ff5df441ed3bc8b057257d86a8666713ad03444853b6e45f663205087c6ab3e1e

C:\Users\Admin\Desktop\LockBit30\Build\Password_exe.txt

MD5 7e6d3c85f5a8b3a604dd998845761026
SHA1 c95ba7f7eb0c11ffe71859f0236df44958208bfd
SHA256 2d7a80435de7c8f543942ea163aef9b2e10689682b782ac1641b690f22d03469
SHA512 aeb576340a6be9d8ea54365893e1f0a93a339dbef25f62885341f7b84c2d034f0f47c0a1e346cc47bf7e0b0154560770a3838a0e99629d8fc975ca8253dc1535

C:\Users\Admin\Desktop\LockBit30\Build\LB3_pass.exe

MD5 45caaa163205f69ff7b2a77aabd11e23
SHA1 63945e8ba9ca0df17c6cc2ef2488a12c2adde36d
SHA256 22d00c4b20e2be1d2c5025fe9328d33edd8daaf8ccaf63b3fe0ee31696a4398d
SHA512 19efe6a6f7f79889d388c6068e9d8a8c443a2f903612ab9c70948f66db37b3eb9d76b39f747a1dc651cc4542cb5c41b7d6a4768d650159c6478434b5e4ceb1eb

memory/1436-159-0x0000000000400000-0x0000000000429000-memory.dmp

memory/3864-160-0x0000000000000000-mapping.dmp

C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe

MD5 f7cb62641b7958a73fb2fd84a24a223a
SHA1 37de3259b2b780e1af447c44476f1226f1857216
SHA256 7549f1fdad2d362e6b9aeedce9a7690c2c9bcf7d07044e707f7a1ecef6e65c7f
SHA512 2a27b6adad1256783e868fff8a48b26fa0c2f9931b1ab70d75a897dc7bfcd7e5a33a433807f605f760dfa292905f97ef19b58b8ac65ac8f0403b542d35a4f114

C:\$Recycle.Bin\S-1-5-21-2891029575-1462575-1165213807-1000\AAAAAAAAAAA
C:\$Recycle.Bin\S-1-5-21-2891029575-1462575-1165213807-1000\BBBBBBBBBBB
C:\$Recycle.Bin\S-1-5-21-2891029575-1462575-1165213807-1000\HHHHHHHHHHH
C:\$Recycle.Bin\S-1-5-21-2891029575-1462575-1165213807-1000\GGGGGGGGGGG
C:\$Recycle.Bin\S-1-5-21-2891029575-1462575-1165213807-1000\OOOOOOOOOOO
C:\$Recycle.Bin\S-1-5-21-2891029575-1462575-1165213807-1000\WWWWWWWWWWW
C:\$Recycle.Bin\S-1-5-21-2891029575-1462575-1165213807-1000\VVVVVVVVVVV
C:\$Recycle.Bin\S-1-5-21-2891029575-1462575-1165213807-1000\UUUUUUUUUUU
C:\$Recycle.Bin\S-1-5-21-2891029575-1462575-1165213807-1000\TTTTTTTTTTT
C:\$Recycle.Bin\S-1-5-21-2891029575-1462575-1165213807-1000\SSSSSSSSSSS
C:\$Recycle.Bin\S-1-5-21-2891029575-1462575-1165213807-1000\RRRRRRRRRRR
C:\$Recycle.Bin\S-1-5-21-2891029575-1462575-1165213807-1000\QQQQQQQQQQQ
C:\$Recycle.Bin\S-1-5-21-2891029575-1462575-1165213807-1000\PPPPPPPPPPP
C:\$Recycle.Bin\S-1-5-21-2891029575-1462575-1165213807-1000\NNNNNNNNNNN
C:\$Recycle.Bin\S-1-5-21-2891029575-1462575-1165213807-1000\MMMMMMMMMMM
C:\$Recycle.Bin\S-1-5-21-2891029575-1462575-1165213807-1000\LLLLLLLLLLL
C:\$Recycle.Bin\S-1-5-21-2891029575-1462575-1165213807-1000\KKKKKKKKKKK
C:\$Recycle.Bin\S-1-5-21-2891029575-1462575-1165213807-1000\JJJJJJJJJJJ
C:\$Recycle.Bin\S-1-5-21-2891029575-1462575-1165213807-1000\IIIIIIIIIII
C:\$Recycle.Bin\S-1-5-21-2891029575-1462575-1165213807-1000\FFFFFFFFFFF
C:\$Recycle.Bin\S-1-5-21-2891029575-1462575-1165213807-1000\EEEEEEEEEEE
C:\$Recycle.Bin\S-1-5-21-2891029575-1462575-1165213807-1000\DDDDDDDDDDD
C:\$Recycle.Bin\S-1-5-21-2891029575-1462575-1165213807-1000\CCCCCCCCCCC
C:\$Recycle.Bin\S-1-5-21-2891029575-1462575-1165213807-1000\desktop.ini

(24 files in the same $Recycle.Bin folder with identical content; the report lists the same digests for every one of them, given once here.)

MD5 830198dd3f169d41310015015afa5763
SHA1 33cfd18395748f855e842fe948444ff000d2c143
SHA256 c722cd5d03658f3c7d4dfbba65debff5389119118d1937ed9354e44f0c473494
SHA512 c1167ef811ab3322a71853e6da4ea287824eaf12dc88a1c7e1b0a2d827b2836afffd776649e9254bd1061eac5d475f546dc9c62a4d0d5e41cfbd85eaa0cfb375

memory/976-187-0x0000000000000000-mapping.dmp

memory/976-188-0x0000000000400000-0x0000000000407000-memory.dmp

memory/5004-189-0x0000000000000000-mapping.dmp
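The Files section records the same binary once per process start (builder.exe appears for each build step) and lists two entries whose digests are those of empty input, so it needs collapsing before the hashes go into a blocklist. The script below parses the section's "path / digest lines / memory dump lines" layout, groups entries by SHA256 so each distinct content appears once with all its paths, and excludes the empty-input digest. It is an added example, not part of the sandbox report; FILES_EXCERPT is transcribed from the section above (a few entries, with the SHA1 and SHA512 lines dropped to keep it short), and the parsing and grouping are this example's own.

```python
"""Collapse the Files section into one record per distinct content and flag
entries whose digests are those of zero-length input.

Added example, not part of the sandbox report.  FILES_EXCERPT is transcribed
from the Files section above (a few entries; SHA1/SHA512 lines omitted); the
parsing and grouping are this example's own.
"""
import hashlib
import re

EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()   # e3b0c442...: nothing was hashed
HASH_RX = re.compile(r"^(MD5|SHA1|SHA256|SHA512) ([0-9a-f]{32,128})$")

FILES_EXCERPT = r"""
\??\pipe\crashpad_2896_JQWAIHVZOXEUVWHU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

C:\Users\Admin\Desktop\LockBit30\builder.exe

MD5 c2bc344f6dde0573ea9acdfb6698bf4c
SHA256 a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db

memory/2772-138-0x0000000000000000-mapping.dmp

C:\Users\Admin\Desktop\LockBit30\builder.exe

MD5 c2bc344f6dde0573ea9acdfb6698bf4c
SHA256 a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db

C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe

MD5 f7cb62641b7958a73fb2fd84a24a223a
SHA256 7549f1fdad2d362e6b9aeedce9a7690c2c9bcf7d07044e707f7a1ecef6e65c7f

C:\$Recycle.Bin\S-1-5-21-2891029575-1462575-1165213807-1000\AAAAAAAAAAA

MD5 830198dd3f169d41310015015afa5763
SHA256 c722cd5d03658f3c7d4dfbba65debff5389119118d1937ed9354e44f0c473494

C:\$Recycle.Bin\S-1-5-21-2891029575-1462575-1165213807-1000\BBBBBBBBBBB

MD5 830198dd3f169d41310015015afa5763
SHA256 c722cd5d03658f3c7d4dfbba65debff5389119118d1937ed9354e44f0c473494

C:\$Recycle.Bin\S-1-5-21-2891029575-1462575-1165213807-1000\desktop.ini

MD5 830198dd3f169d41310015015afa5763
SHA256 c722cd5d03658f3c7d4dfbba65debff5389119118d1937ed9354e44f0c473494
"""


def parse_files(text):
    """(path, {algo: digest}) per file entry; memory/... dump lines carry no digests."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_RX.match(line)
        if m:
            if current is not None:
                current[1][m.group(1)] = m.group(2)
        elif line.startswith("memory/"):
            current = None
        else:
            current = (line, {})
            entries.append(current)
    return entries


def unique_indicators(entries):
    """Group by SHA256: a file the sandbox recorded several times appears once, with every path kept."""
    by_sha = {}
    for path, digests in entries:
        sha = digests.get("SHA256")
        if sha is None:
            continue
        rec = by_sha.setdefault(sha, {"md5": digests.get("MD5"), "paths": [],
                                      "empty": sha == EMPTY_SHA256})
        if path not in rec["paths"]:
            rec["paths"].append(path)
    return by_sha


def actionable(by_sha):
    """SHA256s worth putting on a blocklist: real content only, empty-input digests excluded."""
    return sorted(s for s, rec in by_sha.items() if not rec["empty"])


if __name__ == "__main__":
    ioc = unique_indicators(parse_files(FILES_EXCERPT))
    for sha, rec in ioc.items():
        flag = " (empty input, skip)" if rec["empty"] else ""
        print(f"{sha}{flag}")
        for p in rec["paths"]:
            print("   ", p)
```

Run against the full section, the 24 $Recycle.Bin entries collapse to a single record with 24 paths, and the two empty-input entries are excluded from the actionable list.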