Malware Analysis Report

2024-10-16 03:22

Sample ID 220921-tspx8sccdj
Target https://github.com/3xp0rt/LockBit-Black-Builder
Tags: blackmatter ransomware spyware stealer
Score: 10/10

Analysis Overview

Score: 10/10

Threat Level: Known bad

The file https://github.com/3xp0rt/LockBit-Black-Builder was found to be: Known bad.

Malicious Activity Summary

blackmatter ransomware spyware stealer

BlackMatter Ransomware

Executes dropped EXE

Modifies extensions of user files

Reads user/profile data of web browsers

Drops desktop.ini file(s)

Suspicious use of NtSetInformationThreadHideFromDebugger

Sets desktop wallpaper using registry

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Enumerates system info in registry

Opens file in notepad (likely ransom note)

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Modifies Control Panel

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies registry class

Analysis: static1

Detonation Overview

Reported

2022-09-21 16:19

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2022-09-21 16:19

Reported

2022-09-21 16:27

Platform

win10-20220812-it

Max time kernel

434s

Max time network

435s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://github.com/3xp0rt/LockBit-Black-Builder

Signatures

BlackMatter Ransomware

ransomware blackmatter

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir5020_942308856\ChromeRecovery.exe | N/A
N/A | N/A | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\keygen.exe | N/A
N/A | N/A | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\builder.exe | N/A
N/A | N/A | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A
N/A | N/A | C:\ProgramData\4373.tmp | N/A
N/A | N/A | C:\Users\Admin\Desktop\LB3Decryptor.exe | N/A
N/A | N/A | C:\ProgramData\8D72.tmp | N/A

Modifies extensions of user files

ransomware
Description | Indicator | Process | Target
File renamed | C:\Users\Admin\Pictures\PopCompare.tiff => C:\Users\Admin\Pictures\PopCompare.tiff.7FJH6jImX | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A
File renamed | C:\Users\Admin\Pictures\SaveStep.tiff => C:\Users\Admin\Pictures\SaveStep.tiff.7FJH6jImX | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A
File opened for modification | C:\Users\Admin\Pictures\FormatResolve.tif.7FJH6jImX | C:\Users\Admin\Desktop\LB3Decryptor.exe | N/A
File opened for modification | C:\Users\Admin\Pictures\ShowFind.crw.7FJH6jImX | C:\Users\Admin\Desktop\LB3Decryptor.exe | N/A
File renamed | C:\Users\Admin\Pictures\UpdateRename.raw => C:\Users\Admin\Pictures\UpdateRename.raw.BLHT3dkH1 | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A
File opened for modification | C:\Users\Admin\Pictures\ResetHide.tif.7FJH6jImX | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A
File renamed | C:\Users\Admin\Pictures\ShowFind.crw => C:\Users\Admin\Pictures\ShowFind.crw.7FJH6jImX | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A
File renamed | C:\Users\Admin\Pictures\SaveStep.tiff.7FJH6jImX => C:\Users\Admin\Pictures\SaveStep.tiff | C:\Users\Admin\Desktop\LB3Decryptor.exe | N/A
File opened for modification | C:\Users\Admin\Pictures\FormatResolve.tif.BLHT3dkH1 | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A
File opened for modification | C:\Users\Admin\Pictures\PopCompare.tiff | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A
File renamed | C:\Users\Admin\Pictures\PopCompare.tiff => C:\Users\Admin\Pictures\PopCompare.tiff.BLHT3dkH1 | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A
File opened for modification | C:\Users\Admin\Pictures\UpdateRename.raw.BLHT3dkH1 | C:\Users\Admin\Desktop\LB3Decryptor.exe | N/A
File renamed | C:\Users\Admin\Pictures\SaveStep.tiff.BLHT3dkH1 => C:\Users\Admin\Pictures\SaveStep.tiff | C:\Users\Admin\Desktop\LB3Decryptor.exe | N/A
File opened for modification | C:\Users\Admin\Pictures\SaveStep.tiff | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A
File opened for modification | C:\Users\Admin\Pictures\SaveStep.tiff.7FJH6jImX | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A
File opened for modification | C:\Users\Admin\Pictures\SaveStep.tiff | C:\Users\Admin\Desktop\LB3Decryptor.exe | N/A
File opened for modification | C:\Users\Admin\Pictures\ResetHide.tif.BLHT3dkH1 | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A
File opened for modification | C:\Users\Admin\Pictures\FormatResolve.tif.BLHT3dkH1 | C:\Users\Admin\Desktop\LB3Decryptor.exe | N/A
File opened for modification | C:\Users\Admin\Pictures\PopCompare.tiff.7FJH6jImX | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A
File opened for modification | C:\Users\Admin\Pictures\SaveStep.tiff.7FJH6jImX | C:\Users\Admin\Desktop\LB3Decryptor.exe | N/A
File renamed | C:\Users\Admin\Pictures\FormatResolve.tif => C:\Users\Admin\Pictures\FormatResolve.tif.BLHT3dkH1 | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A
File renamed | C:\Users\Admin\Pictures\PopCompare.tiff.BLHT3dkH1 => C:\Users\Admin\Pictures\PopCompare.tiff | C:\Users\Admin\Desktop\LB3Decryptor.exe | N/A
File opened for modification | C:\Users\Admin\Pictures\PopCompare.tiff | C:\Users\Admin\Desktop\LB3Decryptor.exe | N/A
File opened for modification | C:\Users\Admin\Pictures\FormatResolve.tif.7FJH6jImX | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A
File renamed | C:\Users\Admin\Pictures\PopCompare.tiff.7FJH6jImX => C:\Users\Admin\Pictures\PopCompare.tiff | C:\Users\Admin\Desktop\LB3Decryptor.exe | N/A
File renamed | C:\Users\Admin\Pictures\ResetHide.tif => C:\Users\Admin\Pictures\ResetHide.tif.BLHT3dkH1 | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A
File opened for modification | C:\Users\Admin\Pictures\ResetHide.tif.BLHT3dkH1 | C:\Users\Admin\Desktop\LB3Decryptor.exe | N/A
File opened for modification | C:\Users\Admin\Pictures\ShowFind.crw.BLHT3dkH1 | C:\Users\Admin\Desktop\LB3Decryptor.exe | N/A
File opened for modification | C:\Users\Admin\Pictures\ShowFind.crw.7FJH6jImX | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A
File opened for modification | C:\Users\Admin\Pictures\ResetHide.tif.7FJH6jImX | C:\Users\Admin\Desktop\LB3Decryptor.exe | N/A
File opened for modification | C:\Users\Admin\Pictures\UpdateRename.raw.7FJH6jImX | C:\Users\Admin\Desktop\LB3Decryptor.exe | N/A
File renamed | C:\Users\Admin\Pictures\SaveStep.tiff => C:\Users\Admin\Pictures\SaveStep.tiff.BLHT3dkH1 | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A
File renamed | C:\Users\Admin\Pictures\ShowFind.crw => C:\Users\Admin\Pictures\ShowFind.crw.BLHT3dkH1 | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A
File opened for modification | C:\Users\Admin\Pictures\UpdateRename.raw.BLHT3dkH1 | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A
File opened for modification | C:\Users\Admin\Pictures\UpdateRename.raw.7FJH6jImX | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A
File opened for modification | C:\Users\Admin\Pictures\PopCompare.tiff.BLHT3dkH1 | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A
File opened for modification | C:\Users\Admin\Pictures\ShowFind.crw.BLHT3dkH1 | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A
File renamed | C:\Users\Admin\Pictures\FormatResolve.tif => C:\Users\Admin\Pictures\FormatResolve.tif.7FJH6jImX | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A
File renamed | C:\Users\Admin\Pictures\ResetHide.tif => C:\Users\Admin\Pictures\ResetHide.tif.7FJH6jImX | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A
File renamed | C:\Users\Admin\Pictures\UpdateRename.raw => C:\Users\Admin\Pictures\UpdateRename.raw.7FJH6jImX | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A
File opened for modification | C:\Users\Admin\Pictures\PopCompare.tiff.7FJH6jImX | C:\Users\Admin\Desktop\LB3Decryptor.exe | N/A
File opened for modification | C:\Users\Admin\Pictures\SaveStep.tiff.BLHT3dkH1 | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A
File opened for modification | C:\Users\Admin\Pictures\PopCompare.tiff.BLHT3dkH1 | C:\Users\Admin\Desktop\LB3Decryptor.exe | N/A
File opened for modification | C:\Users\Admin\Pictures\SaveStep.tiff.BLHT3dkH1 | C:\Users\Admin\Desktop\LB3Decryptor.exe | N/A

Reads user/profile data of web browsers

spyware stealer

Drops desktop.ini file(s)

Description | Indicator | Process | Target
File opened for modification | C:\$Recycle.Bin\S-1-5-21-2482096546-1136599444-1359412500-1000\desktop.ini | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A

Sets desktop wallpaper using registry

ransomware
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Control Panel\Desktop\Wallpaper = "C:\\ProgramData\\7FJH6jImX.bmp" | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Control Panel\Desktop\WallPaper | C:\Users\Admin\Desktop\LB3Decryptor.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Control Panel\Desktop\WallPaper = "C:\\ProgramData\\BLHT3dkH1.bmp" | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Control Panel\Desktop\Wallpaper = "C:\\ProgramData\\BLHT3dkH1.bmp" | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Control Panel\Desktop\WallPaper = "C:\\ProgramData\\7FJH6jImX.bmp" | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description | Indicator | Process | Target
N/A | N/A | C:\ProgramData\4373.tmp | N/A
N/A | N/A | C:\ProgramData\8D72.tmp | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File opened for modification | C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir5020_942308856\ChromeRecovery.exe | C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe | N/A
File created | C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir5020_942308856\manifest.json | C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe | N/A
File opened for modification | C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir5020_942308856\manifest.json | C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe | N/A
File created | C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir5020_942308856\_metadata\verified_contents.json | C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe | N/A
File opened for modification | C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir5020_942308856\_metadata\verified_contents.json | C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe | N/A
File created | C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir5020_942308856\ChromeRecoveryCRX.crx | C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe | N/A
File created | C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir5020_942308856\ChromeRecovery.exe | C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\Debug\ESE.TXT | C:\Windows\system32\svchost.exe | N/A

Enumerates physical storage devices

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies Control Panel

evasion
Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Control Panel\Desktop | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Control Panel\Desktop\WallpaperStyle = "10" | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Control Panel\Desktop | C:\Users\Admin\Desktop\LB3Decryptor.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\json_auto_file | C:\Windows\system32\OpenWith.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.BLHT3dkH1\ = "BLHT3dkH1" | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\BLHT3dkH1 | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\7FJH6jImX\DefaultIcon | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\7FJH6jImX | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\json_auto_file\shell\open\command | C:\Windows\system32\OpenWith.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\BLHT3dkH1\DefaultIcon | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\BLHT3dkH1\DefaultIcon\ = "C:\\ProgramData\\BLHT3dkH1.ico" | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.7FJH6jImX\ = "7FJH6jImX" | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\json_auto_file\shell | C:\Windows\system32\OpenWith.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\.json | C:\Windows\system32\OpenWith.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\.json\ = "json_auto_file" | C:\Windows\system32\OpenWith.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\json_auto_file\shell\open | C:\Windows\system32\OpenWith.exe | N/A
Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\BLHT3DKH1\DEFAULTICON | C:\Users\Admin\Desktop\LB3Decryptor.exe | N/A
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\.BLHT3dkH1 | C:\Users\Admin\Desktop\LB3Decryptor.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\7FJH6jImX\DefaultIcon\ = "C:\\ProgramData\\7FJH6jImX.ico" | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\.7FJH6jImX | C:\Users\Admin\Desktop\LB3Decryptor.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\json_auto_file\shell\open\command\ = "\"%ProgramFiles%\\Windows NT\\Accessories\\WORDPAD.EXE\" \"%1\"" | C:\Windows\system32\OpenWith.exe | N/A
Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\7FJH6JIMX\DEFAULTICON | C:\Users\Admin\Desktop\LB3Decryptor.exe | N/A
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\BLHT3dkH1 | C:\Users\Admin\Desktop\LB3Decryptor.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.7FJH6jImX | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\7FJH6jImX | C:\Users\Admin\Desktop\LB3Decryptor.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.BLHT3dkH1 | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A

Opens file in notepad (likely ransom note)

ransomware
Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A

Suspicious behavior: GetForegroundWindowSpam

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe N/A
Token: 36 N/A C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe N/A
Token: 33 N/A C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe N/A (22 identical rows, interleaved in pairs with the SeSecurityPrivilege rows)
Token: SeSecurityPrivilege N/A C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe N/A (22 identical rows, interleaved in pairs with the SeBackupPrivilege rows)

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (45 identical rows)
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (34 identical rows)

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A (10 identical rows)
N/A N/A C:\Users\Admin\Desktop\LB3Decryptor.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A (16 identical rows)
N/A N/A C:\Program Files\Windows NT\Accessories\WORDPAD.EXE N/A (5 identical rows)
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Users\Admin\Desktop\LB3Decryptor.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2180 wrote to memory of 2516 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (2 identical rows)
PID 2180 wrote to memory of 4116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (40 identical rows)
PID 2180 wrote to memory of 4852 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (2 identical rows)
PID 2180 wrote to memory of 3356 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (20 identical rows)

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://github.com/3xp0rt/LockBit-Black-Builder

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff9e6c34f50,0x7ff9e6c34f60,0x7ff9e6c34f70

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1508,16443914320743882411,2817091248448673532,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1520 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1508,16443914320743882411,2817091248448673532,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1732 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1508,16443914320743882411,2817091248448673532,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1508,16443914320743882411,2817091248448673532,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2884 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1508,16443914320743882411,2817091248448673532,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2892 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1508,16443914320743882411,2817091248448673532,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4044 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1508,16443914320743882411,2817091248448673532,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4460 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1508,16443914320743882411,2817091248448673532,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4532 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1508,16443914320743882411,2817091248448673532,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1508,16443914320743882411,2817091248448673532,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4688 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1508,16443914320743882411,2817091248448673532,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4620 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1508,16443914320743882411,2817091248448673532,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5116 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1508,16443914320743882411,2817091248448673532,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1508,16443914320743882411,2817091248448673532,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1508,16443914320743882411,2817091248448673532,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1508,16443914320743882411,2817091248448673532,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1508,16443914320743882411,2817091248448673532,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1508,16443914320743882411,2817091248448673532,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1432 /prefetch:8

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1508,16443914320743882411,2817091248448673532,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4320 /prefetch:8

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\README.md

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1508,16443914320743882411,2817091248448673532,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2476 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1508,16443914320743882411,2817091248448673532,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1428 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1508,16443914320743882411,2817091248448673532,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2384 /prefetch:8

C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1508,16443914320743882411,2817091248448673532,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2004 /prefetch:8

C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir5020_942308856\ChromeRecovery.exe

"C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir5020_942308856\ChromeRecovery.exe" --appguid={8A69D345-D564-463c-AFF1-A69D9E530F96} --browser-version=89.0.4389.114 --sessionid={20319e91-cc8a-4f84-a435-7d4c6ff40884} --system

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\" -spe -an -ai#7zMap28685:182:7zEvent5733

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\config.json

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1508,16443914320743882411,2817091248448673532,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2404 /prefetch:2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build.bat" "

C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\keygen.exe

keygen -path C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build -pubkey pub.key -privkey priv.key

C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\builder.exe

builder -type dec -privkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\priv.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3Decryptor.exe

C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\builder.exe

builder -type enc -exe -pubkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe

C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\builder.exe

builder -type enc -exe -pass -pubkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3_pass.exe

C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\builder.exe

builder -type enc -dll -pubkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3_Rundll32.dll

C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\builder.exe

builder -type enc -dll -pass -pubkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3_Rundll32_pass.dll

C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\builder.exe

builder -type enc -ref -pubkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3_ReflectiveDll_DllMain.dll

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\OpenClear.ps1xml

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\tte.txt

C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe

"C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k appmodel -s tiledatamodelsvc

C:\ProgramData\4373.tmp

"C:\ProgramData\4373.tmp"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\4373.tmp >> NUL

C:\Users\Admin\Desktop\LB3Decryptor.exe

"C:\Users\Admin\Desktop\LB3Decryptor.exe"

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\tte - Copia.txt

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Windows NT\Accessories\WORDPAD.EXE

"C:\Program Files\Windows NT\Accessories\WORDPAD.EXE" "C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\config.json"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build.bat" "

C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\keygen.exe

keygen -path C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build -pubkey pub.key -privkey priv.key

C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\builder.exe

builder -type dec -privkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\priv.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3Decryptor.exe

C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\builder.exe

builder -type enc -exe -pubkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe

C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\builder.exe

builder -type enc -exe -pass -pubkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3_pass.exe

C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\builder.exe

builder -type enc -dll -pubkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3_Rundll32.dll

C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\builder.exe

builder -type enc -dll -pass -pubkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3_Rundll32_pass.dll

C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\builder.exe

builder -type enc -ref -pubkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3_ReflectiveDll_DllMain.dll

C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe

"C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k appmodel -s tiledatamodelsvc

C:\ProgramData\8D72.tmp

"C:\ProgramData\8D72.tmp"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\8D72.tmp >> NUL

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Users\Admin\Desktop\LB3Decryptor.exe

"C:\Users\Admin\Desktop\LB3Decryptor.exe"

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\tte - Copia.txt

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted

2022-09-21 16:19

Reported

2022-09-21 16:29

Platform

win10v2004-20220812-it

Max time kernel

557s

Max time network

568s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://github.com/3xp0rt/LockBit-Black-Builder

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4164 wrote to memory of 4184 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 3156 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 2040 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4164 wrote to memory of 2312 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://github.com/3xp0rt/LockBit-Black-Builder

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffdfa24f50,0x7fffdfa24f60,0x7fffdfa24f70

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1624,14792446119149992005,4956231668415588619,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1660 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1624,14792446119149992005,4956231668415588619,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2024 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1624,14792446119149992005,4956231668415588619,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2312 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1624,14792446119149992005,4956231668415588619,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2984 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1624,14792446119149992005,4956231668415588619,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3000 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1624,14792446119149992005,4956231668415588619,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4260 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1624,14792446119149992005,4956231668415588619,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4976 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1624,14792446119149992005,4956231668415588619,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1624,14792446119149992005,4956231668415588619,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1624,14792446119149992005,4956231668415588619,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4972 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1624,14792446119149992005,4956231668415588619,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4684 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1624,14792446119149992005,4956231668415588619,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5084 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1624,14792446119149992005,4956231668415588619,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1624,14792446119149992005,4956231668415588619,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1624,14792446119149992005,4956231668415588619,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1624,14792446119149992005,4956231668415588619,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2552 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1624,14792446119149992005,4956231668415588619,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4700 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1624,14792446119149992005,4956231668415588619,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1624,14792446119149992005,4956231668415588619,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4752 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1624,14792446119149992005,4956231668415588619,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4844 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1624,14792446119149992005,4956231668415588619,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5228 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1624,14792446119149992005,4956231668415588619,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5088 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1624,14792446119149992005,4956231668415588619,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1432 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1624,14792446119149992005,4956231668415588619,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4236 /prefetch:8

Network

Country Destination Domain Proto

Files

\??\pipe\crashpad_4164_IBBKHRRTRDOPYRXW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e