Malware Analysis Report

2024-10-16 03:22

Sample ID 220922-l6m2ssbba9
Target https://github.com/3xp0rt/LockBit-Black-Builder
Tags
blackmatter ransomware spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://github.com/3xp0rt/LockBit-Black-Builder was found to be: Known bad.

Malicious Activity Summary

blackmatter ransomware spyware stealer

BlackMatter Ransomware

Executes dropped EXE

Reads user/profile data of web browsers

Checks computer location settings

Drops desktop.ini file(s)

Suspicious use of NtSetInformationThreadHideFromDebugger

Sets desktop wallpaper using registry

Enumerates physical storage devices

Program crash

Enumerates system info in registry

Opens file in notepad (likely ransom note)

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Modifies registry class

Suspicious use of SetWindowsHookEx

Modifies Control Panel

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2022-09-22 10:08

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2022-09-22 10:08

Reported

2022-09-22 10:13

Platform

win10v2004-20220901-en

Max time kernel

243s

Max time network

243s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://github.com/3xp0rt/LockBit-Black-Builder

Signatures

BlackMatter Ransomware

ransomware blackmatter

Checks computer location settings

Description | Indicator | Process | Target
Key value queried | \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation | C:\ProgramData\F497.tmp | N/A

Reads user/profile data of web browsers

spyware stealer

Drops desktop.ini file(s)

Description | Indicator | Process | Target
File opened for modification | C:\$Recycle.Bin\S-1-5-21-929662420-1054238289-2961194603-1000\desktop.ini | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A

Sets desktop wallpaper using registry

ransomware

Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\Desktop\WallPaper = "C:\\ProgramData\\KmNsi9A4W.bmp" | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\Desktop\Wallpaper = "C:\\ProgramData\\KmNsi9A4W.bmp" | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\Desktop\WallPaper | C:\Users\Admin\Desktop\LockBit30\Build\LB3Decryptor.exe | N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description | Indicator | Process | Target
N/A | N/A | C:\ProgramData\F497.tmp | N/A

Enumerates physical storage devices

Program crash

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\WerFault.exe

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies Control Panel

evasion

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\Desktop | C:\Users\Admin\Desktop\LockBit30\Build\LB3Decryptor.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\Desktop | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\Desktop\WallpaperStyle = "10" | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\KmNsi9A4W\DefaultIcon\ = "C:\\ProgramData\\KmNsi9A4W.ico" | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A
Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\KMNSI9A4W\DEFAULTICON | C:\Users\Admin\Desktop\LockBit30\Build\LB3Decryptor.exe | N/A
Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\.KMNSI9A4W | C:\Users\Admin\Desktop\LockBit30\Build\LB3Decryptor.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\KmNsi9A4W | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\KmNsi9A4W\DefaultIcon | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\KmNsi9A4W | C:\Users\Admin\Desktop\LockBit30\Build\LB3Decryptor.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.KmNsi9A4W | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.KmNsi9A4W\ = "KmNsi9A4W" | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A

Opens file in notepad (likely ransom note)

ransomware

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A
Token: SeBackupPrivilege | N/A | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A
Token: 36 | N/A | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A
Token: SeImpersonatePrivilege | N/A | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A
Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A
Token: SeIncreaseQuotaPrivilege | N/A | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A
Token: 33 | N/A | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A
Token: SeManageVolumePrivilege | N/A | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A
Token: SeProfSingleProcessPrivilege | N/A | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A
Token: SeSystemProfilePrivilege | N/A | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A
Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 3388 wrote to memory of 64 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3388 wrote to memory of 4412 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3388 wrote to memory of 3868 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3388 wrote to memory of 4372 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://github.com/3xp0rt/LockBit-Black-Builder

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa998c4f50,0x7ffa998c4f60,0x7ffa998c4f70

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1628,5482320622942567832,1452747941174074488,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1660 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1628,5482320622942567832,1452747941174074488,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2016 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1628,5482320622942567832,1452747941174074488,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2276 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,5482320622942567832,1452747941174074488,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3092 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,5482320622942567832,1452747941174074488,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3096 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,5482320622942567832,1452747941174074488,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4364 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1628,5482320622942567832,1452747941174074488,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4428 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,5482320622942567832,1452747941174074488,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4724 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,5482320622942567832,1452747941174074488,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4776 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1628,5482320622942567832,1452747941174074488,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,5482320622942567832,1452747941174074488,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5032 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,5482320622942567832,1452747941174074488,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4512 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,5482320622942567832,1452747941174074488,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 468 -p 5008 -ip 5008

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 5008 -s 2460

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1628,5482320622942567832,1452747941174074488,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5456 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1628,5482320622942567832,1452747941174074488,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_LockBit-Black-Builder-main.zip\LockBit-Black-Builder-main\README.md

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\LockBit30\" -spe -an -ai#7zMap17982:74:7zEvent20803

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\LockBit30\config.json

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\LockBit30\Build.bat" "

C:\Users\Admin\Desktop\LockBit30\keygen.exe

keygen -path C:\Users\Admin\Desktop\LockBit30\Build -pubkey pub.key -privkey priv.key

C:\Users\Admin\Desktop\LockBit30\builder.exe

builder -type dec -privkey C:\Users\Admin\Desktop\LockBit30\Build\priv.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit30\Build\LB3Decryptor.exe

C:\Users\Admin\Desktop\LockBit30\builder.exe

builder -type enc -exe -pubkey C:\Users\Admin\Desktop\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe

C:\Users\Admin\Desktop\LockBit30\builder.exe

builder -type enc -exe -pass -pubkey C:\Users\Admin\Desktop\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit30\Build\LB3_pass.exe

C:\Users\Admin\Desktop\LockBit30\builder.exe

builder -type enc -dll -pubkey C:\Users\Admin\Desktop\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit30\Build\LB3_Rundll32.dll

C:\Users\Admin\Desktop\LockBit30\builder.exe

builder -type enc -dll -pass -pubkey C:\Users\Admin\Desktop\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit30\Build\LB3_Rundll32_pass.dll

C:\Users\Admin\Desktop\LockBit30\builder.exe

builder -type enc -ref -pubkey C:\Users\Admin\Desktop\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit30\Build\LB3_ReflectiveDll_DllMain.dll

C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe

"C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe"

C:\ProgramData\F497.tmp

"C:\ProgramData\F497.tmp"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\F497.tmp >> NUL

C:\Users\Admin\Desktop\LockBit30\Build\LB3Decryptor.exe

"C:\Users\Admin\Desktop\LockBit30\Build\LB3Decryptor.exe"

Network

Files
