lockbit | ba72876bf978152d115b5c92d65708a56f0158dba13874e07aa15f81f0550801

Analysis

max time kernel
381s
max time network
391s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25-05-2024 13:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DarkDDos.exe
Size

1.9MB
MD5

b2ff2c84396125dafbfd74007e03eb0a
SHA1

6e27cb62bfd1a534a2e65ea76835fb4e661a3d55
SHA256

ba72876bf978152d115b5c92d65708a56f0158dba13874e07aa15f81f0550801
SHA512

39248ba9670e124d3d0b7cf0fba13bd09de82a7ed323c8072f7684c726c4eaf155d1f5dc3307eb913df3a8cdf347a93c71928a10e432d55b8a56e8eb8a2e46bb
SSDEEP

24576:ZS/HjpXQIeK/taIHjPDbAwFEBCp3JnR9DURFL4zHmse+4AYTW+V7EJu:ErtxFwA9Fr3JAFEXP4AYTz7

Score

10^/10

lockbit ransomware spyware stealer

Malware Config

Extracted

Path

C:\jTzbWjxcI.README.txt

Family

lockbit

Ransom Note

~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~ >>>> Your data are stolen and encrypted The data will be published on TOR website if you do not pay the ransom Links for Tor Browser: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion Links for the normal browser http://lockbitapt.uz http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly >>>> What guarantees that we will not deceive you? We are not a politically motivated group and we do not need anything other than your money. If you pay, we will provide you the programs for decryption and we will delete your data. Life is too short to be sad. Be not sad, money, it is only paper. If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. Therefore to us our reputation is very important. We attack the companies worldwide and there is no dissatisfied victim after payment. You can obtain information about us on twitter https://twitter.com/hashtag/lockbit?f=live >>>> You need contact us and decrypt one file for free on these TOR sites with your personal DECRYPTION ID Download and install TOR Browser https://www.torproject.org/ Write to a chat and wait for the answer, we will always answer you. Sometimes you will need to wait for our answer because we attack many companies. Links for Tor Browser: http://lockbitsupt7nr3fa6e7xyb73lk6bw6rcneqhoyblniiabj4uwvzapqd.onion http://lockbitsupuhswh4izvoucoxsbnotkmgq6durg7kficg6u33zfvq3oyd.onion http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion Link for the normal browser http://lockbitsupp.uz If you do not get an answer in the chat room for a long time, the site does not work and in any other emergency, you can contact us in jabber or tox. Tox ID LockBitSupp: 3085B89A0C515D2FB124D645906F5D3DA5CB97CEBEA975959AE4F95302A04E1D709C3C4AE9B7 XMPP (Jabber) Support: [email protected] [email protected] >>>> Your personal DECRYPTION ID: B7568014A48684D6D525F3F3722638C4 >>>> Warning! Do not DELETE or MODIFY any files, it can lead to recovery problems! >>>> Warning! If you do not pay the ransom we will attack your company repeatedly again! >>>> Advertisement Would you like to earn millions of dollars $$$ ? Our company acquire access to networks of various companies, as well as insider information that can help you steal the most valuable data of any company. You can provide us accounting data for the access to any company, for example, login and password to RDP, VPN, corporate email, etc. Open our letter at your email. Launch the provided virus on any computer in your company. You can do it both using your work computer or the computer of any other employee in order to divert suspicion of being in collusion with us. Companies pay us the foreclosure for the decryption of files and prevention of data leak. You can contact us using Tox messenger without registration and SMS https://tox.chat/download.html. Using Tox messenger, we will never know your real name, it means your privacy is guaranteed. If you want to contact us, write in jabber or tox. Tox ID LockBitSupp: 3085B89A0C515D2FB124D645906F5D3DA5CB97CEBEA975959AE4F95302A04E1D709C3C4AE9B7 XMPP (Jabber) Support: [email protected] [email protected] If this contact is expired, and we do not respond you, look for the relevant contact data on our website via Tor or Brave browser Links for Tor Browser: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion Links for the normal browser http://lockbitapt.uz http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly

Emails

[email protected]

URLs

http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion

http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion

http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion

http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion

http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion

http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion

http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion

http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion

http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion

http://lockbitapt.uz

http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly

http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly

http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly

http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly

http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly

http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly

http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly

http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly

http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly

https://twitter.com/hashtag/lockbit?f=live

Signatures

Lockbit
Ransomware family with multiple variants released since late 2019.
ransomware lockbit

Rule to detect Lockbit 3.0 ransomware Windows payload 4 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\Desktop\LockBit-main\Build\LB3_pass.exe	family_lockbit
C:\Users\Admin\Desktop\LockBit-main\Build\LB3_Rundll32_pass.dll	family_lockbit
C:\Users\Admin\Desktop\LockBit-main\Build\LB3.exe	family_lockbit
behavioral1/memory/3684-3869-0x0000000000400000-0x0000000000429000-memory.dmp	family_lockbit

Renames multiple (595) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.

Query Registry
T1012

System Information Discovery
T1082

Processes:

6F08.tmp

description ioc process

Key value queried \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation 6F08.tmp
Executes dropped EXE 7 IoCs

Processes:

LB3Decryptor.exeLB3.exeLB3Decryptor.exeLB3Decryptor.exe6F08.tmpLB3_pass.exeLB3Decryptor.exe

pid process

408 LB3Decryptor.exe
4420 LB3.exe
2832 LB3Decryptor.exe
5744 LB3Decryptor.exe
5628 6F08.tmp
3684 LB3_pass.exe
4736 LB3Decryptor.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	6F08.tmp

pid	process
408	LB3Decryptor.exe
4420	LB3.exe
2832	LB3Decryptor.exe
5744	LB3Decryptor.exe
5628	6F08.tmp
3684	LB3_pass.exe
4736	LB3Decryptor.exe

Drops desktop.ini file(s) 2 IoCs

Processes:

LB3.exe

description	ioc	process
File opened for modification	C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini	LB3.exe
File opened for modification	F:\$RECYCLE.BIN\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini	LB3.exe

Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

5 www.formyip.com

flow	ioc
5	www.formyip.com

Drops file in System32 directory 4 IoCs

Processes:

splwow64.exeprintfilterpipelinesvc.exe

description	ioc	process
File created	C:\Windows\system32\spool\PRINTERS\00002.SPL	splwow64.exe
File created	C:\Windows\system32\spool\PRINTERS\PPu4_aow7cjc4ypo00l51yas27b.TMP	printfilterpipelinesvc.exe
File created	C:\Windows\system32\spool\PRINTERS\PPf0l72ifod21kk2cnas1rdxdib.TMP	printfilterpipelinesvc.exe
File created	C:\Windows\system32\spool\PRINTERS\PP9rw3cc_u4iroewg0kv9o3tt8c.TMP	printfilterpipelinesvc.exe

Sets desktop wallpaper using registry 2 TTPs 3 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

LB3Decryptor.exeLB3.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\Desktop\WallPaper	LB3Decryptor.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\Desktop\WallPaper = "C:\\ProgramData\\jTzbWjxcI.bmp"	LB3.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\Desktop\Wallpaper = "C:\\ProgramData\\jTzbWjxcI.bmp"	LB3.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

6F08.tmp

pid process

5628 6F08.tmp
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Program crash 3 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exe

pid pid_target process target process

1948 3576 WerFault.exe DarkDDos.exe
2164 3576 WerFault.exe DarkDDos.exe
1524 3684 WerFault.exe LB3_pass.exe

pid	process
5628	6F08.tmp

pid	pid_target	process	target process
1948	3576	WerFault.exe	DarkDDos.exe
2164	3576	WerFault.exe	DarkDDos.exe
1524	3684	WerFault.exe	LB3_pass.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exetaskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

ONENOTE.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	ONENOTE.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	ONENOTE.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	ONENOTE.EXE

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exeONENOTE.EXEchrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	ONENOTE.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	ONENOTE.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	ONENOTE.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Control Panel 3 IoCs

evasion

Processes:

LB3Decryptor.exeLB3.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\Desktop	LB3Decryptor.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\Desktop	LB3.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\Desktop\WallpaperStyle = "10"	LB3.exe

Modifies data under HKEY_USERS 3 IoCs

Processes:

chrome.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133611183058678150"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 23 IoCs

Processes:

OpenWith.exeOpenWith.exeLB3.exeLB3Decryptor.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\json_auto_file\shell\edit	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\json_auto_file\shell\open	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\jTzbWjxcI\DefaultIcon	LB3.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\JTZBWJXCI\DEFAULTICON	LB3Decryptor.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\鰀䆟縀䆁	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\json_auto_file\shell\edit\command	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\json_auto_file\shell\open\command	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\jTzbWjxcI	LB3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\jTzbWjxcI\DefaultIcon\ = "C:\\ProgramData\\jTzbWjxcI.ico"	LB3.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\jTzbWjxcI	LB3Decryptor.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.json	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.json\ = "json_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\json_auto_file\shell	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\json_auto_file\shell\edit\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\json_auto_file\shell\open\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1"	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.jTzbWjxcI	LB3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.jTzbWjxcI\ = "jTzbWjxcI"	LB3.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\.JTZBWJXCI	LB3Decryptor.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\json_auto_file	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\鰀䆟縀䆁\ = "json_auto_file"	OpenWith.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

Processes:

ONENOTE.EXE

pid process

1564 ONENOTE.EXE
1564 ONENOTE.EXE

pid	process
1564	ONENOTE.EXE
1564	ONENOTE.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

DarkDDos.exetaskmgr.exechrome.exetaskmgr.exechrome.exeLB3Decryptor.exeLB3.exe

pid	process
3576	DarkDDos.exe
3576	DarkDDos.exe
3576	DarkDDos.exe
3576	DarkDDos.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
1764	taskmgr.exe
3752	chrome.exe
3752	chrome.exe
408	LB3Decryptor.exe
408	LB3Decryptor.exe
4420	LB3.exe
4420	LB3.exe
4420	LB3.exe
4420	LB3.exe
4420	LB3.exe
4420	LB3.exe
4420	LB3.exe
4420	LB3.exe
4420	LB3.exe
4420	LB3.exe
4420	LB3.exe
4420	LB3.exe
4420	LB3.exe
4420	LB3.exe
4420	LB3.exe
4420	LB3.exe
4420	LB3.exe
4420	LB3.exe
4420	LB3.exe
4420	LB3.exe
4420	LB3.exe
4420	LB3.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

OpenWith.exe

pid process

2300 OpenWith.exe

pid	process
2300	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

Processes:

chrome.exechrome.exe

pid	process
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

taskmgr.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	1916	taskmgr.exe
Token: SeSystemProfilePrivilege	1916	taskmgr.exe
Token: SeCreateGlobalPrivilege	1916	taskmgr.exe
Token: 33	1916	taskmgr.exe
Token: SeIncBasePriorityPrivilege	1916	taskmgr.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeCreatePagefilePrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

DarkDDos.exetaskmgr.exechrome.exe

pid	process
3576	DarkDDos.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

DarkDDos.exetaskmgr.exechrome.exe

pid	process
3576	DarkDDos.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
1916	taskmgr.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe

Suspicious use of SetWindowsHookEx 42 IoCs

Processes:

DarkDDos.exeOpenWith.exeLB3Decryptor.exeLB3Decryptor.exeLB3Decryptor.exeONENOTE.EXELB3Decryptor.exeOpenWith.exe

pid	process
3576	DarkDDos.exe
2300	OpenWith.exe
2300	OpenWith.exe
2300	OpenWith.exe
2300	OpenWith.exe
2300	OpenWith.exe
2300	OpenWith.exe
2300	OpenWith.exe
2300	OpenWith.exe
2300	OpenWith.exe
2300	OpenWith.exe
2300	OpenWith.exe
2300	OpenWith.exe
2300	OpenWith.exe
2300	OpenWith.exe
2300	OpenWith.exe
2300	OpenWith.exe
2300	OpenWith.exe
408	LB3Decryptor.exe
2832	LB3Decryptor.exe
5744	LB3Decryptor.exe
1564	ONENOTE.EXE
1564	ONENOTE.EXE
1564	ONENOTE.EXE
1564	ONENOTE.EXE
1564	ONENOTE.EXE
1564	ONENOTE.EXE
1564	ONENOTE.EXE
1564	ONENOTE.EXE
1564	ONENOTE.EXE
1564	ONENOTE.EXE
1564	ONENOTE.EXE
1564	ONENOTE.EXE
1564	ONENOTE.EXE
1564	ONENOTE.EXE
1564	ONENOTE.EXE
4736	LB3Decryptor.exe
1576	OpenWith.exe
1576	OpenWith.exe
1576	OpenWith.exe
1576	OpenWith.exe
1576	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2604 wrote to memory of 3916	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3916	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3668	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3668	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3668	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3668	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3668	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3668	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3668	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3668	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3668	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3668	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3668	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3668	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3668	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3668	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3668	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3668	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3668	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3668	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3668	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3668	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3668	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3668	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3668	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3668	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3668	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3668	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3668	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3668	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3668	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3668	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3668	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 4116	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 4116	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3792	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3792	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3792	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3792	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3792	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3792	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3792	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3792	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3792	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3792	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3792	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3792	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3792	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3792	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3792	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3792	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3792	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3792	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3792	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3792	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3792	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3792	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3792	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3792	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3792	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3792	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3792	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3792	2604	chrome.exe	chrome.exe
PID 2604 wrote to memory of 3792	2604	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\DarkDDos.exe
"C:\Users\Admin\AppData\Local\Temp\DarkDDos.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 1112
2⤵
- Program crash
PID:1948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 1728
2⤵
- Program crash
PID:2164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 3576 -ip 3576
1⤵
PID:760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 3576 -ip 3576
1⤵
PID:4988

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa748aab58,0x7ffa748aab68,0x7ffa748aab78
2⤵
PID:3916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1972,i,1710721084833910377,13829730128773120492,131072 /prefetch:2
2⤵
PID:3668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1972,i,1710721084833910377,13829730128773120492,131072 /prefetch:8
2⤵
PID:4116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2284 --field-trial-handle=1972,i,1710721084833910377,13829730128773120492,131072 /prefetch:8
2⤵
PID:3792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3132 --field-trial-handle=1972,i,1710721084833910377,13829730128773120492,131072 /prefetch:1
2⤵
PID:2844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3340 --field-trial-handle=1972,i,1710721084833910377,13829730128773120492,131072 /prefetch:1
2⤵
PID:4272

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4400 --field-trial-handle=1972,i,1710721084833910377,13829730128773120492,131072 /prefetch:1
2⤵
PID:3064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4512 --field-trial-handle=1972,i,1710721084833910377,13829730128773120492,131072 /prefetch:8
2⤵
PID:1716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4632 --field-trial-handle=1972,i,1710721084833910377,13829730128773120492,131072 /prefetch:8
2⤵
PID:216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4252 --field-trial-handle=1972,i,1710721084833910377,13829730128773120492,131072 /prefetch:8
2⤵
PID:4128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4808 --field-trial-handle=1972,i,1710721084833910377,13829730128773120492,131072 /prefetch:8
2⤵
PID:1824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 --field-trial-handle=1972,i,1710721084833910377,13829730128773120492,131072 /prefetch:8
2⤵
PID:3596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5032 --field-trial-handle=1972,i,1710721084833910377,13829730128773120492,131072 /prefetch:1
2⤵
PID:4412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4204 --field-trial-handle=1972,i,1710721084833910377,13829730128773120492,131072 /prefetch:1
2⤵
PID:4532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3472 --field-trial-handle=1972,i,1710721084833910377,13829730128773120492,131072 /prefetch:8
2⤵
PID:3904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3464 --field-trial-handle=1972,i,1710721084833910377,13829730128773120492,131072 /prefetch:8
2⤵
PID:2072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3148 --field-trial-handle=1972,i,1710721084833910377,13829730128773120492,131072 /prefetch:8
2⤵
PID:4868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3464 --field-trial-handle=1972,i,1710721084833910377,13829730128773120492,131072 /prefetch:8
2⤵
PID:1628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 --field-trial-handle=1972,i,1710721084833910377,13829730128773120492,131072 /prefetch:8
2⤵
PID:432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1920 --field-trial-handle=1972,i,1710721084833910377,13829730128773120492,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3752

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1928

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1568

C:\Users\Admin\Desktop\LockBit-main\builder.exe
"C:\Users\Admin\Desktop\LockBit-main\builder.exe"
1⤵
PID:4128

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2300

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\LockBit-main\config.json
2⤵
PID:1828

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
PID:1764

C:\Users\Admin\Desktop\LockBit-main\keygen.exe
"C:\Users\Admin\Desktop\LockBit-main\keygen.exe"
1⤵
PID:1012

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\LockBit-main\Build.bat" "
1⤵
PID:4984

C:\Users\Admin\Desktop\LockBit-main\keygen.exe
keygen -path Build -pubkey pub.key -privkey priv.key
2⤵
PID:2696

C:\Users\Admin\Desktop\LockBit-main\builder.exe
builder -type dec -privkey Build\priv.key -config config.json -ofile Build\LB3Decryptor.exe
2⤵
PID:2396

C:\Users\Admin\Desktop\LockBit-main\builder.exe
builder -type enc -exe -pubkey Build\pub.key -config config.json -ofile Build\LB3.exe
2⤵
PID:3764

C:\Users\Admin\Desktop\LockBit-main\builder.exe
builder -type enc -exe -pass -pubkey Build\pub.key -config config.json -ofile Build\LB3_pass.exe
2⤵
PID:4428

C:\Users\Admin\Desktop\LockBit-main\builder.exe
builder -type enc -dll -pubkey Build\pub.key -config config.json -ofile Build\LB3_Rundll32.dll
2⤵
PID:4880

C:\Users\Admin\Desktop\LockBit-main\builder.exe
builder -type enc -dll -pass -pubkey Build\pub.key -config config.json -ofile Build\LB3_Rundll32_pass.dll
2⤵
PID:4636

C:\Users\Admin\Desktop\LockBit-main\builder.exe
builder -type enc -ref -pubkey Build\pub.key -config config.json -ofile Build\LB3_ReflectiveDll_DllMain.dll
2⤵
PID:4408

C:\Users\Admin\Desktop\LockBit-main\Build\LB3Decryptor.exe
"C:\Users\Admin\Desktop\LockBit-main\Build\LB3Decryptor.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:408

C:\Users\Admin\Desktop\LockBit-main\Build\LB3.exe
"C:\Users\Admin\Desktop\LockBit-main\Build\LB3.exe"
1⤵
- Executes dropped EXE
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
- Modifies Control Panel
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:4420

C:\Windows\splwow64.exe
C:\Windows\splwow64.exe 12288
2⤵
- Drops file in System32 directory
PID:5136

C:\ProgramData\6F08.tmp
"C:\ProgramData\6F08.tmp"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:5628

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\6F08.tmp >> NUL
3⤵
PID:3032

C:\Users\Admin\Desktop\LockBit-main\Build\LB3Decryptor.exe
"C:\Users\Admin\Desktop\LockBit-main\Build\LB3Decryptor.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2832

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:5240

C:\Windows\system32\printfilterpipelinesvc.exe
C:\Windows\system32\printfilterpipelinesvc.exe -Embedding
1⤵
- Drops file in System32 directory
PID:5524

C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
/insertdoc "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\{5BC2DE53-5202-4C6E-A093-2E133FBFD22D}.xps" 133611184509270000
2⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1564

C:\Users\Admin\Desktop\LockBit-main\Build\LB3Decryptor.exe
"C:\Users\Admin\Desktop\LockBit-main\Build\LB3Decryptor.exe"
1⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
- Modifies Control Panel
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5744

C:\Users\Admin\Desktop\LockBit-main\Build\LB3_pass.exe
"C:\Users\Admin\Desktop\LockBit-main\Build\LB3_pass.exe"
1⤵
- Executes dropped EXE
PID:3684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 256
2⤵
- Program crash
PID:1524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3684 -ip 3684
1⤵
PID:900

C:\Users\Admin\Desktop\LockBit-main\Build\LB3Decryptor.exe
"C:\Users\Admin\Desktop\LockBit-main\Build\LB3Decryptor.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4736

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\LockBit-main\Build\Password_exe.txt
1⤵
PID:1376

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\LockBit-main\Build\DECRYPTION_ID.txt
1⤵
PID:744

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1576

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\LockBit-main\config.json
2⤵
PID:1388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:4140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa74e1ab58,0x7ffa74e1ab68,0x7ffa74e1ab78
2⤵
PID:1444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1960,i,17254438305674220814,17873207434140162714,131072 /prefetch:2
2⤵
PID:5836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1960,i,17254438305674220814,17873207434140162714,131072 /prefetch:8
2⤵
PID:5228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2280 --field-trial-handle=1960,i,17254438305674220814,17873207434140162714,131072 /prefetch:8
2⤵
PID:5104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3080 --field-trial-handle=1960,i,17254438305674220814,17873207434140162714,131072 /prefetch:1
2⤵
PID:3948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=1960,i,17254438305674220814,17873207434140162714,131072 /prefetch:1
2⤵
PID:4880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4344 --field-trial-handle=1960,i,17254438305674220814,17873207434140162714,131072 /prefetch:1
2⤵
PID:3916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4504 --field-trial-handle=1960,i,17254438305674220814,17873207434140162714,131072 /prefetch:8
2⤵
PID:6112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4656 --field-trial-handle=1960,i,17254438305674220814,17873207434140162714,131072 /prefetch:8
2⤵
PID:3192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4836 --field-trial-handle=1960,i,17254438305674220814,17873207434140162714,131072 /prefetch:1
2⤵
PID:5100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 --field-trial-handle=1960,i,17254438305674220814,17873207434140162714,131072 /prefetch:8
2⤵
PID:3556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5424 --field-trial-handle=1960,i,17254438305674220814,17873207434140162714,131072 /prefetch:8
2⤵
PID:872

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 --field-trial-handle=1960,i,17254438305674220814,17873207434140162714,131072 /prefetch:8
2⤵
PID:2316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5304 --field-trial-handle=1960,i,17254438305674220814,17873207434140162714,131072 /prefetch:1
2⤵
PID:5408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5340 --field-trial-handle=1960,i,17254438305674220814,17873207434140162714,131072 /prefetch:1
2⤵
PID:2232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5280 --field-trial-handle=1960,i,17254438305674220814,17873207434140162714,131072 /prefetch:1
2⤵
PID:2200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5208 --field-trial-handle=1960,i,17254438305674220814,17873207434140162714,131072 /prefetch:1
2⤵
PID:3564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4764 --field-trial-handle=1960,i,17254438305674220814,17873207434140162714,131072 /prefetch:1
2⤵
PID:1160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4104 --field-trial-handle=1960,i,17254438305674220814,17873207434140162714,131072 /prefetch:8
2⤵
PID:3516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 --field-trial-handle=1960,i,17254438305674220814,17873207434140162714,131072 /prefetch:8
2⤵
PID:4868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5348 --field-trial-handle=1960,i,17254438305674220814,17873207434140162714,131072 /prefetch:1
2⤵
PID:744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4584 --field-trial-handle=1960,i,17254438305674220814,17873207434140162714,131072 /prefetch:1
2⤵
PID:4404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5464 --field-trial-handle=1960,i,17254438305674220814,17873207434140162714,131072 /prefetch:1
2⤵
PID:1536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4716 --field-trial-handle=1960,i,17254438305674220814,17873207434140162714,131072 /prefetch:1
2⤵
PID:5072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5468 --field-trial-handle=1960,i,17254438305674220814,17873207434140162714,131072 /prefetch:1
2⤵
PID:1036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3432 --field-trial-handle=1960,i,17254438305674220814,17873207434140162714,131072 /prefetch:1
2⤵
PID:5624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=1888 --field-trial-handle=1960,i,17254438305674220814,17873207434140162714,131072 /prefetch:1
2⤵
PID:5996

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\DDDDDDDDDDD
Filesize
129B

MD5
694566142e8419f8f0b422a1807ed211

SHA1
ac62a9f4966776ef0ce63781b483502e884ade65

SHA256
059fdd3521a4804b8f5d214695990fe7f5e26d014cd79b350b8ddf0ecd4ef554

SHA512
969564e28507244f1efc0edc3a961913d2de89de543631b552e8b6257b1d666f6a184d4c36983893fc82416045d6b9ae1b18a16bf4c89f8010e88c2532a827ad

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
Filesize
64KB

MD5
6f68f3ffb1dadefc96d1de1c1d440acf

SHA1
93abcf8fdcd282debdd613bcf41ced6c773cdf9b

SHA256
28d04b9d08d447ac0be9dd4cb06480e452d106575bde529e4d6c1f033e4cf4fd

SHA512
8c39f9efc73e3df517ceca202a6ef9cf38a35be10aeefff95fd9eb3c912174ba89f3c42e356434c3ac77ab342ac5a4d2af2e5e4c8247c8b413d2b7ae3bbabcc1

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
Filesize
992B

MD5
ff9615348bafab70a615c61fd851b1ad

SHA1
4a42b22af709709fb9e23911cc2290aae99ccd8a

SHA256
896ac590c141fe0109068f3a3d4059fd0a888c0202574e3c4326f9fcec62c38f

SHA512
a0fc04d882774717cd8aa4967b2ac8b0bd401a960f7d318c3864bf347c424412047fe4c18c8854c03920d376601adbd784a8808ef9e9c6ca6276a466dd3e0be1

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
Filesize
64KB

MD5
d2fb266b97caff2086bf0fa74eddb6b2

SHA1
2f0061ce9c51b5b4fbab76b37fc6a540be7f805d

SHA256
b09f68b61d9ff5a7c7c8b10eee9447d4813ee0e866346e629e788cd4adecb66a

SHA512
c3ba95a538c1d266beb83334af755c34ce642a4178ab0f2e5f7822fd6821d3b68862a8b58f167a9294e6d913b08c1054a69b5d7aec2efdb3cf9796ed84de21a8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
Filesize
944B

MD5
6bd369f7c74a28194c991ed1404da30f

SHA1
0f8e3f8ab822c9374409fe399b6bfe5d68cbd643

SHA256
878947d0ec814fe7c343cdebc05eebf00eb14f3023bdb3809a559e17f399fe5d

SHA512
8fc5f073dc9fa1e1ae47c60a5f06e0a48709fd6a4302dffaa721858409e7bde64bc6856d3fb28891090516d1a7afc542579de287778b5755eafe75cc67d45d93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma
Filesize
1024KB

MD5
c806c4473f82ec409d0d01281513adc3

SHA1
a2a0d2dea8fb5429c8eb339d7504936db8b7ed95

SHA256
92cd61a571d3eb9dbff4319c293faf68a9a0960bd7efac19cd413df10d0b325a

SHA512
febbaad04eaa215c13f624905fa79c93f04057432895a67e93a41343fcbd02da3424713c62b068429d75a6833981c54f1dfa2df81d9d5ec891ab40fdd5bb2895

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
757f9692a70d6d6f226ba652bbcffe53

SHA1
771e76fc92d2bf676b3c8e3459ab1a2a1257ff5b

SHA256
d0c09cff1833071e93cda9a4b8141a154dba5964db2c6d773ea98625860d13ad

SHA512
79580dd7eb264967e0f97d0676ba2fcf0c99943681cad40e657e8e246df1b956f6daeb4585c5913ca3a93fdfd768933730a9a97a9018efa33c829ab1dea7a150

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
58bb61c065a2bbf77fe60986e4d2bc50

SHA1
ec7c486573c130fd493a8927623338ae2c2e20ae

SHA256
7d788028760f122ec4a43a23eec9350f75129e16661c3b3d3b12db544d491fa6

SHA512
d7dd1395cf6325aab8ceefb84da23056f5b62b05c1b80f647bb006368d289218f811617616a2baa5eb2cd04579c13e8574d94c78e3982727f98f7424418ff7b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
6b58c79c4214b15cf42e6cf063789dbe

SHA1
67dd9f389188fc5bf70c49857d0be81a5cd9167f

SHA256
058c9575bc2acae0fac179402dbcd94988050be32036b9f868a65a34c98ee301

SHA512
27e91a3910b28d31a3d440bd4abd42cabdc5ef03fa1e3e093fd246905e30cd11278866befcb5a948b67d3783e9181a2dc33db3bc948c289951cff1560c9ef1e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
2844d98992e933a6b73ae466b1ada24c

SHA1
935a01848b9d76be8b68b3c31200c765097d6a74

SHA256
26e86732a5a43834fb5549e2c5f7d1cdbd385878a00c05e1ce994b118290e520

SHA512
a948b01b42f6f5bc52eda56753dc212c141870d7f307243ed2fb27e261ee96f2c71cc53ab63c30fea0619a5f7cec2501b2ea15929ce82dfead758946599f27a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
62adc11eeb54f79ca405ff6b28186ad8

SHA1
fc2d4fb80301621f36f2f62220cf6b440d6f2cc4

SHA256
d6b1757d9d00cf105e28512971388daaf9b9aa674b60366f77d21d837be890bf

SHA512
a42efa1aa23424820011582fc677a625d993e1c85fa44bb04de411c3512560b52455d803a38de2d4bb5940c8326b5fe9a5317aeba6d98ea46d8ad10bdf2ba07d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
633a0c72689a8dac690f993221f625f4

SHA1
6c118a2f4b045463f867ee2b2d349bc05e16adcc

SHA256
3543d86e24dcc43b5aed1b06157aeab45d00320a04da85eb4e94df4cb4967ccd

SHA512
ae474f4be55b2f6671ea3b0e9fdac3b1bec7d0cbfd8d446ed302705529b12137bbea8db521197f0cba8cf4caef490c0f8917e2456822b0079b26e88323f7b295

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
ea8b9694e04d3566a628541f94fb4bfc

SHA1
72468752903bf3b9e6b7c6ab7daf66a572e61898

SHA256
f03cfff00475f8165e02f12b1b28d1708e0d9543b3ceaa16f6690cfb40e2ac03

SHA512
c7b4d1aa1cecd55381ad4d4f28f144e5138cec7fce8bd23181c173bc9078659d2bdfd28295ba8c60cb46787ac0d604b547fd2ea662827615a99523013fd23cae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
7e99305b907402a9701c6b7b6a24ccab

SHA1
c9f62c4ecd45f67c341ea7aee319a1b1244b63fd

SHA256
0eccc752aabf8f00a721a389f4f99621719ca2d715d4ac426857b0f7eb977caa

SHA512
5cb809801022a5f0c4eb1b14cfe4c99c4afe009ff361143d449862ef5a8be15ac97ad8a65d551826e1993621d9147aa2e9670ef58100f6b5d1c3ee4bbdec160f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
dace5a75e4248e9d5b727b34737fa544

SHA1
30d7c2e7e9c1003574b5090bb9df1ab20b5b51b9

SHA256
5d0ecbd8731c764a927c42530a1f6240e04ab81a73ca176cc1a4ea209aef98f7

SHA512
494f57a97f001fefd13d4b4bdcb063f05f0562c5cfff0971db7305277f6ef9c7e36801595a5af0b4ccdb2423c7e787626d8a4feaf12dfd1e59e82b32a5fe7d0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
f3b0d388fc6b03385ba93b4f6768062f

SHA1
ac66297e4b3a84a39c462d70d461bf4f23e6baf2

SHA256
58cfca8124ef2cdb493a58cef5395222ab358cb9960a169fd9d9e76d751cce32

SHA512
fc6fb2d3e9663005ff109d141271dc586eb92b35c33fdb7861e347e2246f2ff0adc3337602ce0c190077747b892e17e0c9b25f0a123f82b92139ed0bc12eb243

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
cae84da983d5b3c5153b52135baeee0b

SHA1
45e6204d16eddc1d6259e439b69457fe84d39238

SHA256
f92a8e1a041a642450e5a187ff8bbdf8864bf06013fa6912472b715a8d8d9c02

SHA512
9d28fab062baf0409960832f80e1859c4ede7df42d39acb308cf6b95c11787b1ca412c896e6050a5adf0949f476eacc2a768824edb298da0ae257cae1f361231

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
afdf1d999ed681db18e17919dcb4b528

SHA1
f8cce1026454b1f5c663da9559ba69ed7d756c45

SHA256
cfe2ac76947c8708c7c43ca6b58d305dda40329027c536bde56ee8ab872aa85d

SHA512
0ff75b4ff3524f621dd2058011947df2f642034c38c3745b36084bca7408a553daed96109f80183f2f18e838ac97a47ae5d34ddc40f5695ebdd44a4ec9779b38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
bbc6921de97cd65e249e13c2ef9ef0bb

SHA1
f99186ddcd1a6698033d94430922f5fa29129af1

SHA256
86156ec036f48c510040d2923f3781902754d14cabf13f0b83f4e16aaf7d7158

SHA512
4786b0e2930d8944f34a2a1bd79f16b9f813da3d500e3aa322ab3521dd13aab522c6f397d6ddbfad323e4346f5b7114d219bdaddc9a49f0abbb0b78794e96326

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
77f9607a00e32b2e32d324021cad11cd

SHA1
d76508d62f877701d02b2c6aaf4fd4df3f0b0059

SHA256
53f6fb0d4fdee5db40a45adfa8498b9327b75a9d8ca6f59a89d4f394083976d7

SHA512
9d359e5b3f86e850175985601ed11fcb171fa11cc77aff931cf8b898b7061a6f91a750b17ed961cda5529e0c65206018b3a4b064bf3353cc62cc6fee495aa151

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
7673a48efbc54c156c41651de242079a

SHA1
98c5f455102fbaec97d08519b4cc00b04d34fb6d

SHA256
f782b32331dd25d728acc9cc3a35f25f9ead5aa06ef16b433959c534ae78fa88

SHA512
b642d4fb6ec25230cacf0075ade1bd27f9217abfe745ee2d4a6c846f7724c78936b4e1c22475e7ed590f98c1e7163aed9ca5aacbbd262ece8e0585717171a78f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
f260cdd290b17365c5cab7ffc4001b78

SHA1
c06f4f0adb418a8e495901b8a2a7f98954c1003e

SHA256
f3d17bc223e4e1d210ddae82724e2d470fb45f877c766804f93e72985e50f5e5

SHA512
06a0f40f0a29c84217e22f16b32d15a28f7d24da4fe318bac20c8ad4d67cdfba6e7973b4a9b9ab91bcd2753f14abaa57bdf2b80d2c24ce60bd894188ac4ad92e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0
Filesize
44KB

MD5
295730ce73610c6fdc7807d57ecbfa53

SHA1
448516de64458dc0bc2aa4467cdfc131f282e2d3

SHA256
eff491a36233bc4417469fe38dc10d511eb2c828edeb7c7acd7f9da1fb3ab157

SHA512
90bdd5c5d96f5535ce92be0a8ab1710e1f2b73dd74ddf860e4bc0311a9e91185b1f10864c6879c3b62ee248cfc93fd08185358edf3826c6b51c5700d98728a5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1
Filesize
264KB

MD5
2fbbb538adab3a5b91405e853f2c53cc

SHA1
2c8332e243d87bd9d55f9656db21b6c75cac5832

SHA256
a650bc232215cecbe46538061062c407cf9cd096394fa81e63a7fa057edd9e15

SHA512
29a1f78c9417f62d55622edc724d7e04ba96c901c9ac89f51e714e4a42ca4f240dcf1a199047037fcb65d4afaaf0649207c8a50b3e8a5e2c7b8ae3e74180caca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3
Filesize
4.0MB

MD5
b23d6d0b465ecbce490fa7f353f8fc66

SHA1
7fcd02957e9651edb048e5d7418fdca9d83bb6ec

SHA256
3e1fb2cac6fc1a50c8d6e946ee3ce18705a5ca820518742f3de9e039f966f613

SHA512
ef7ff689f96d561f941f266f1d662147062e7efdebb96449716708a68bcf4b2c26eb8aa0de83fb2cccce3c16e55a8f0eaf8fe32b3b0b08af9350dea7ae866fb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_000001
Filesize
19KB

MD5
bb21e538405b5833690b6be41ba42496

SHA1
583683692b7d31baf7b6dfe9b856c147d431155c

SHA256
c3d2163294a18142e42472ec404d7afa3082117ea30fd5a0b39b9835ebde05b7

SHA512
83240777e3dcf2cb8f37891613c07a82c7491f513a35ba9a36479c310be74849ee30403753418848d61d9fb44bd841a1bd6c7032853182dc1b3d4f29f5d7367c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_000002
Filesize
17KB

MD5
a1e72ed8fb78fc2bcd200040be01edfb

SHA1
df542ea542b46c6aac37fbc9ab81f9c000777314

SHA256
600b942ca13a0a568f8bb36b8fb47341d240c5e8a77793ea42e162d3341f257a

SHA512
bbff1f0801b4f4e2b1678bfeb1affa233692807e6477f284f095e5cdb85baa5232066630c12d603a2536a58abd70ab351f44c6e268ab3b5893e6c7d9361d4285

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_000003
Filesize
17KB

MD5
bc6ae4eb07f25e6217aad1d9a8815bab

SHA1
fa94d10a59d8e909c6587bbe3cafe4a7a72bb3b1

SHA256
7ce7df376994445c9e43888aa72b2cd02936ef652eba93b6eefd33b1ab0091ff

SHA512
01ddfdcf6f28b99cf31538786633a92f06b5c8e98071e12002f72c4be9b9b35105927e663392b2bfe822a3c91408f9a667c791340c8e8a5c85d01e5802597187

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_000004
Filesize
20KB

MD5
5c5f88fe338e5de6e94eafc2157108e6

SHA1
3b30c9cc752ff236de40f32955611056111091cd

SHA256
6d87f8515dfa11925a6154b1e0ca8d3cd6fe0ba40deff30b8a256cd6b7797018

SHA512
d5c8b906c1a9683698a12dd8c712a982d62fe966f42460ed69ced811ac4cf508e4aef7bad2edb36c35834bf522a4ecf1529d650fc6a851d9e5f920ef3ec5f47c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_000005
Filesize
20KB

MD5
b2507ec41feed0a1cebf7d27ac2e9990

SHA1
f1f1b9d92ca41e70fb1374e707ba2c2a92ea9f91

SHA256
b5446bcee2dc4f5fa4c6d74c2a19360afbb4917828d539fd30f1aa53ecdb73ac

SHA512
77616ae09b797a2ee0cc3436655466f9ba1eabcc576d2a6aeb77cb320bca4fc8b998f7e3582546724b1a195318aee535955a96e1ead0f723f608ff3b647057d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_000006
Filesize
18KB

MD5
7fa256624917a79d0ebc9f37578c1226

SHA1
1629ad0efd4808b44497b6485185202e754a9866

SHA256
608f8f28b6eed7c6baba09b709755096baf013945fe3441f2a4a4c56b512fa3a

SHA512
a307b7adc9ea2d9269eefa2d400d6edc5b2687c33863a4a7b7552075b2a422ec7b7115e31f85bf292b19a69c7c328c4a6c2ea38516112ffdc87356404c497af5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_000007
Filesize
19KB

MD5
d9297f3c2316aeb2cf7014265b9de273

SHA1
722a0926105315cdd1d94b0e8708c1f410c44c0c

SHA256
f4d5485b89081254f0eb31f56f0b9547bd0f45198ac60d3f721fa62ac2d35aee

SHA512
770687082de9f7266d0dd94a03c6290fc23c4820d0d936f4cefc887611294a767c942bbea714615769f2041d413e270c76ec9f7faa6ebaaf7a9d8c3ca3e154d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_000008
Filesize
16KB

MD5
ae9c274e26878d5f3f7aa93d8571b0e2

SHA1
559b7adc9cb68cfaba7e34f8a2e11e78a1f60d77

SHA256
1eba1ce6fb0dc8c765a4a21ee41a404ff63ea599c51383a53fadf5800fa8b03f

SHA512
fd63e27d4c0bf40b1245251ce75b1de114db47ccfb65dee437696696c130c45359bac4f1a60248a8db1b9cc2b6d20bef614b0c72ab40ec292c944b9338ff7079

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Browser
Filesize
106B

MD5
de9ef0c5bcc012a3a1131988dee272d8

SHA1
fa9ccbdc969ac9e1474fce773234b28d50951cd8

SHA256
3615498fbef408a96bf30e01c318dac2d5451b054998119080e7faac5995f590

SHA512
cea946ebeadfe6be65e33edff6c68953a84ec2e2410884e12f406cac1e6c8a0793180433a7ef7ce097b24ea78a1fdbb4e3b3d9cdf1a827ab6ff5605da3691724

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
Filesize
14B

MD5
009b9a2ee7afbf6dd0b9617fc8f8ecba

SHA1
c97ed0652e731fc412e3b7bdfca2994b7cc206a7

SHA256
de607a2c68f52e15a104ead9ecbaa3e6862fdb11eac080e408ba4d69f1f7a915

SHA512
6161dd952ae140a8fb8aa5e33f06bc65fdc15ce3fbfe4c576dc2668c86bce4a1d5c1112caee014e5efa3698547faad3bc80ec253eedb43148e36e1a02ce89910

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
262KB

MD5
30f817c37999bc2ec8356ca875559abf

SHA1
95e300001d5753cb1699a8d0bccc4d3fa235a180

SHA256
9d80806253997e0044cebfb29a898c507bc93ceddb0e38a94d4e8dbcaf2f4a09

SHA512
e9f6eb9b51b2e62568293bfeccb7ac0aed5bf5849bd0ce951ef0ebbc26c8ef8f75197153c1aed03ea0576b23201d83292f5988620381886d849905302da00e14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
257KB

MD5
b01a3ccc7c488620e2332dd197de0b40

SHA1
7ed9a41a841993ba59e8abed21792cb8015f3714

SHA256
280b2e5e358cd36fc03a1dd4a4fdcd9ddf2ee9b0cfd9d7b059bf66e63b7e5d0e

SHA512
4daf279b243dc2e270c0bf2c9dba8e24ec8f0da1fe80925d30617738f92d163890d6847102be42dbd6e6047b0464b0cce9e15bf31ea7aa9d738be7aea1140781

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
262KB

MD5
774d37e3d51bed7ae1fe505b1abb2758

SHA1
574fdead4741a4206c49bf2ff00a69bee8fec8a5

SHA256
2ee3a56ef433d03ed8b7789e3122a99976e69cdc9f564ff2f788e0ea356330ad

SHA512
1392c43d594e6760991fc4fcda2101fd69dce10736bd639c09f7ab60fe9da614b81aa9225c0d91d62e0d2e1e9e824a5c735005a92fdb5f3a5c672c54f8ef9e38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
262KB

MD5
443fac6bfdc2053f5c225de51902b7ab

SHA1
d5cbddaa39f8487d9d56ac32b520a2a5b3361558

SHA256
2bbfd9875a703ec3b8cdcac3474188ec2cab167fe903ad60af75997547418036

SHA512
c353e281f44d489b98bf7f7b8a43cd6ca512ac1446a33ba69b2c2a3592a2134751518b9d212e8bdf35808176f846b31650a89b2c0f9f915bc7c3b569d46cb07d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
317KB

MD5
ed154b580de78a3c88172ed205149555

SHA1
446435096945fc7f7aa786ab91b59e13cb370ff8

SHA256
7fa30b6b44a2001b4936a5e9b0013ee334c7660da3f8470ad1b2a9adfd94298b

SHA512
1ef80c68ac1b221fbea224b7145c039d696033be588c95f460548fab09b212d3df4ac5138e2e90b4f0bca49ebf32dd7e1de5c8de485d631dac63ccb627306796

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
136KB

MD5
b89a9f7e1dd07ba83001da14fadbc7a4

SHA1
e9e9d7ed6829b3631ad6b9cba8abe7639e53fb2e

SHA256
3e7f24973005e17d8c43019a5872075e725bf60c6b34a619d1e0574ce747c12d

SHA512
4f0875366b6e2e3c6fb6f8899115e0638b9e034055926f55ca4965e20341e83f509d7a388a3f03e3cddbbe303077d6f4138bdee50d928fa544287d5a3419341b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
136KB

MD5
3f677abd8a19fc64a2309742fb223234

SHA1
6e684bf7e922b7e37ab659e3625bcd3b987640da

SHA256
28cc2a314737c84dbc37d7804e391d203a0d20d74ac856b2ade2bca7f7b437e7

SHA512
52f707ab4ecbfe2c167c8cfff2aa4449926c36aeb991c868e062f47a5d1b3652e00044e90bddfeb777787738752d78e103c00f3fdd8138b40672133e11965da1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
91KB

MD5
90c56e6ba2bcccafa3e882d7947d6f7d

SHA1
c33df887ea0d59a910c3baf2cce4e1af936a3443

SHA256
74a1fbdc991effcdd507fcae69178d9775c1c6bbd37baa0f33e30b2b77868df9

SHA512
1b471e873b45304dbc66ac2067756c1d37da1d375d7ccb76b0c0cdf2d6e1270857cdaf4687ca53c33e1d201facb174dfc462d61fe7695cbd1a647cad01f3a9e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
100KB

MD5
837b9b9385ded9bfa9d5ff1be066c5a1

SHA1
5aa9474e6c11a984bc5bf205a39b048ba1359681

SHA256
17252471b52bd822849149bbd6857335e2758498f2af4d31e9c945f45e41caba

SHA512
b35f784618b00feabf1936f40aa44b8814f85f8301f45f03cc9bae2a1bb8e2f551d441120e0ff6de9195751823bbd06a083fcd72395ce74d266791d4be2138fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
100KB

MD5
4141046ca867c5ad43997f9f91325387

SHA1
910279d55d106b2759ffefd549b19a33ea5971ce

SHA256
c0d63d8b9a5c800f5a08c2eb19c40f060ffa999f64831e696f97f99f45ab11d2

SHA512
5da4f99e96d3748738a5dc899e72b86a3cb3e227021d3e88b35502f08abe75e03e34839462129c83317b9d2656956e7ab8a6b6b5ef0435029a608b26c5c4ccc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe588ff6.TMP
Filesize
88KB

MD5
52039df2f06a180a4f8fb0849ffe078c

SHA1
5523faaff40207cc8742e84c78d4c04b5771be97

SHA256
23d4bd1d43c52cedca8743470d2979437b22f57ff976054f1c1d276ce18ea968

SHA512
da66568c2718eff2c1cec03c28deb764e6c6279d9b8923f400f6fecf49cca083516358258e4187ffd76907bea1cc24152abd8d1463626a66ff3f526818910158

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{A5E73466-E220-8EF4-B956-A582187356D9}-0
Filesize
36KB

MD5
8aaad0f4eb7d3c65f81c6e6b496ba889

SHA1
231237a501b9433c292991e4ec200b25c1589050

SHA256
813c66ce7dec4cff9c55fb6f809eab909421e37f69ff30e4acaa502365a32bd1

SHA512
1a83ce732dc47853bf6e8f4249054f41b0dea8505cda73433b37dfa16114f27bfed3b4b3ba580aa9d53c3dcc8d48bf571a45f7c0468e6a0f2a227a7e59e17d62

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_comexp_msc-0
Filesize
36KB

MD5
eab75a01498a0489b0c35e8b7d0036e5

SHA1
fd80fe2630e0443d1a1cef2bdb21257f3a162f86

SHA256
fdf01d2265452465fcbed01f1fdd994d8cbb41a40bbb1988166604c5450ead47

SHA512
2ec6c4f34dcf00b6588b536f15e3fe4d98a0b663c8d2a2df06aa7cface88e072e2c2b1b9aaf4dc5a17b29023a85297f1a007ff60b5d6d0c65d1546bf0e12dd45

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133596439061629985.txt
Filesize
77KB

MD5
2ca1150b979653440614d5614dc53f4e

SHA1
bba95bc9c6742d554a59a5ee0d033ea384888686

SHA256
2b2bb5605143aa975f27186c465f063c0fbde07c5a8acb06c5ede3883f404ae8

SHA512
77c0b90fa94ce57f867961aed577b83b3a9e13d3de584eac31667fcb557f02d88154706f55a6d78088df1aed6c025afe07951b866ab2a3469ba2af9f8830fa93

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133596440659070499.txt
Filesize
47KB

MD5
ba977a034d379c5f53d7383edd0fac06

SHA1
a0284b2c6d8f283dde38a0feca7c9df19f0ef36c

SHA256
2a948c2c1331ee009aec51a4b31a4cc8119d5b38924cf02c099a8f7e47f41f3d

SHA512
fc2432b835bc9859fa4075155ce5344d25ced6436a119a21344633a85300209ac5847ded20140a1cb01ab899c8979ffe5c1149f40e84bf24d78aa8f0ed8d89ed

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133596447917177929.txt
Filesize
66KB

MD5
5e3f25618934a45b8d63a4fecac19fbe

SHA1
6d30609752e9f99f46e2ec37dbfac3c2ffdd331d

SHA256
c6200a1ce99a1abb8d24e8efd45f2ed672ebde9602f07238b6cd4ff39b8cad7e

SHA512
9cd328c64e898cc67f6def26591d09b0b636ef2f5d170d2ea8c459c50fa422b3375a66c9803c8867d3aa6e9090922ecc8f749aac9a979a79f70c216e007e3246

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133596477668937151.txt
Filesize
75KB

MD5
ce88a108043a3d69e5325754ba9c7181

SHA1
c64f06b8081f5ec0ae7c0e1fe7b0f248aa6550c4

SHA256
b2552766ebb3469549cea5b6b609077fa6e38c000eba6befadfd275e11a8095e

SHA512
cb5e53fb1520b68178ad465cde801ed779521b843de44f894fc8fdbd071f33f663a60f570b134ff0996bf407ef9ecee72810b16dd9276469e6b0efb5d5c85829

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\Settings\settings.dat
Filesize
8KB

MD5
a8308d2f3dde0745e8b678bf69a2ecd0

SHA1
c0ee6155b9b6913c69678f323e2eabfd377c479a

SHA256
7fbb3e503ed8a4a8e5d5fab601883cbb31d2e06d6b598460e570fb7a763ee555

SHA512
9a86d28d40efc655390fea3b78396415ea1b915a1a0ec49bd67073825cfea1a8d94723277186e791614804a5ea2c12f97ac31fad2bf0d91e8e035bde2d026893

Download Submit
C:\Users\Admin\AppData\Local\Temp\wctC39E.tmp
Filesize
63KB

MD5
e516a60bc980095e8d156b1a99ab5eee

SHA1
238e243ffc12d4e012fd020c9822703109b987f6

SHA256
543796a1b343b4ebc0285d89cb8eb70667ac7b513da37495e38003704e9d88d7

SHA512
9b51e99ba20e9da56d1acc24a1cf9f9c9dbdeb742bec034e0ff2bc179a60f4aff249f40344f9ddd43229dcdefa1041940f65afb336d46c175ffeff725c638d58

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite
Filesize
48KB

MD5
42b42935fff3a321dacb8b134a1e663c

SHA1
5cd5f15ab2909c7d43bddf175fc0896eacfe3420

SHA256
b6646de747467eba7b18a2cc4e22dc44d99cff16e637e7b34257c270771c6b1c

SHA512
1db1fd51d4e4a8aad9c8fef98b7979899a70b42544ea1fbc525a0b9d950394f0e43ba84e677940a4787f7afec4ca04aced51fecf5febb41214c51cde65865867

Download Submit
C:\Users\Admin\Desktop\LockBit-main\Build\DECRYPTION_ID.txt
Filesize
16B

MD5
7b030150c39300f0d89118743aed7e7b

SHA1
cf4236b837ef2a7a544ab52d6150daf3fb6d210f

SHA256
a9a12148831240c89db337deb0bf75f6c2aeceb02b04c9ef550a773334688cfb

SHA512
65698218282e18b5bb10c8e83c9808de712083466c28de16ecc568125bbf96be1a78d1771c00ead0f3140c323501b1c321c8da378eee321560d9a860abd1d686

Download Submit
C:\Users\Admin\Desktop\LockBit-main\Build\EEEEEEE
Filesize
153KB

MD5
c3e11ba5fe849736cfa863586f01d7d2

SHA1
c68118f2706eb552927540452c70ce55f8605005

SHA256
f0f9a647a41c3f2c9cf57ec7d26ae954f73406db19f41bf545e5422588941068

SHA512
4c612a55e6e75473d3cebe77fe15edd989707357cd19e707252eabfad5a81b78849a7c9a6e45d88f366f354beafbd0bdd5e0ed0b871df782f928aab0559b1e66

Download Submit
C:\Users\Admin\Desktop\LockBit-main\Build\LB3.exe
Filesize
153KB

MD5
d84b4d42cd081693a44cba78a1a8e768

SHA1
248d1f623d44404e0003d3b17abfc429f248321e

SHA256
b66404d9c8cad8bf46a3240f2576a35deb99320d16e33477fec684115eff5920

SHA512
5bb39993a19de8d9b7f142b5dc75006efe94505622935db7c4b58479820a4648f5916f9c06f6770b1fbfc31b70da33363090b73d14805d50fe01b14d5468c409

Download Submit
C:\Users\Admin\Desktop\LockBit-main\Build\LB3Decryptor.exe
Filesize
54KB

MD5
9c2bcf1210dc3f868fefc20afab75d7f

SHA1
f6e808307af6c06d82440d3f3d9b491657e558d6

SHA256
37c7a3058f9dafc0533de3848bf2bb4b6194908a45c043d5a8643d0dcc55be56

SHA512
0e567b16d196fa16019c32c8ce8377626ab43a54f3069ea6f1052346d8123bd7c22dfa9997227faae7a309228e407aa05a32417f9e5493b1e81677b9841b60dd

Download Submit
C:\Users\Admin\Desktop\LockBit-main\Build\LB3_ReflectiveDll_DllMain.dll
Filesize
106KB

MD5
557b77d59051f949d5859a7d40ae0dc4

SHA1
e90ded39ceba479e9a003d5931993c5c44f1eb9a

SHA256
7d1b536dc06289e020dedced44af880ebfbf9aa6b490336ce4d008c19b46cccf

SHA512
4494f3daed324cac0b160589cc7e5e6cbda7f8b6006f0af2787fdef4620534baec263e50249af5ae30a552bbd6493e763f51a7480cadfccb703f30a06bdf9a47

Download Submit
C:\Users\Admin\Desktop\LockBit-main\Build\LB3_Rundll32.dll
Filesize
152KB

MD5
95aeb0124c11f632b0f6a284e0602643

SHA1
34773efcbddfd86c45b6aad9c91b9007af7ee891

SHA256
e61ad95818d04d132f15fda419f4296619733f638d7b09cee8ae1384c7878a78

SHA512
61a8c4a6f34bbc9188c93e924ae50febadf0cce3633b4888c5d047725c53a5b02f77ba611ca1324057a42c7439cb2c5ad547e938cba9e32e905cc542d2c855c3

Download Submit
C:\Users\Admin\Desktop\LockBit-main\Build\LB3_Rundll32_pass.dll
Filesize
148KB

MD5
06e56a448c8cea53478ea5a0db911254

SHA1
643d90cacb159e5dc86ce503b4207b0d339042c8

SHA256
69531e4f519af9b635a698630df310449d27c68e26021dd0736a3cc363bc0278

SHA512
9bbe17e168b9249f41a3af210d375d9fe4b61cf6fe1203382b3882541369361a5ac8648e2fb66a4e399648ea0a565a09dbf008b9c4c2912b2a76d15d7c70410a

Download Submit
C:\Users\Admin\Desktop\LockBit-main\Build\LB3_pass.exe
Filesize
149KB

MD5
10a1210a6b5ce2e7d5f389d1d248439b

SHA1
c683a1a288fd9fd1924a0c091913a7de35cbdb76

SHA256
3fa23bfecc1a6405fbf7b7bbc0c7578ad0d7ba22fd6f92ad9e613e8f01b77857

SHA512
b0a7911469add62172ec31d05992c0ad07e121d9039d042ee64761b96f7502245bd5ecea7f82270c60d50dbd04752ee35e68c770a414654a1ac321aec22b63fe

Download Submit
C:\Users\Admin\Desktop\LockBit-main\Build\Password_dll.txt
Filesize
1KB

MD5
0262a68287bb8e5cd949a8adc952b039

SHA1
41722680fcb0653e43e5485c6252a07e91e6592b

SHA256
5ff47d7cf5ce384a533f31ace135d046a03a99d36e5c6d2b2925d7b6de2107d1

SHA512
22abc35e8cc71d3e858906d5b5efccea60aea793ed5b875e429e5c00609dc7b9264db25d713a4ef9b4b9b0c51bd646d03a69f92629a8cc72e473bbda287b3cb2

Download Submit
C:\Users\Admin\Desktop\LockBit-main\Build\Password_exe.txt
Filesize
2KB

MD5
e47006f615ce43946ca4eb1722b2013e

SHA1
d96f03f7d1c52ad8957bfbfd0442effaff3a5b6e

SHA256
7c7329917a5c7cbede72b5f5ebc0095134a6f2d660a7e9d4068886479a003a3d

SHA512
28d3e95d89c2eb5a7145929d014439f96e8646b4c071dea14d00270b07afa5d7968f7e2c8376d9b5e9ec9b36453a686453584e482ff8dbd4771aabf4e3630055

Download Submit
C:\Users\Admin\Desktop\LockBit-main\Build\priv.key
Filesize
344B

MD5
14fadd698d0a4c7575948314817e4085

SHA1
5da147bd3c6c9e4477b156d570c7eec095cb65ee

SHA256
142464b649fcb296fd562969863f421a3f1fda1ad9d27c478b8b1afe471b5dfb

SHA512
bca06cedd4e7c1c2666cc502f3eba20ee7ff67bbf1a269b3f388c241b6306e773a861fbc7f007da9c80050f065d83baf50d3308431af85f5014e7d4912f92c03

Download Submit
C:\Users\Admin\Desktop\LockBit-main\Build\pub.key
Filesize
344B

MD5
5fde512e3e85d916e66dfe10cfc71cc4

SHA1
95b7b64ac8d7a6179acd1d00227faa9f136f2dea

SHA256
802006bc001b1b0421b5360db730c3da5a124b9ad21b7f0cbd00ba8e9521a44a

SHA512
50dab854a6124287eb7c8711e3fc2a1130e545e6ceb08d84acf8e77ed95b1a3bca01adccc4f4f079707868b35208ebd7e033df025684911261c6a037848f85fc

Download Submit
C:\Users\Admin\Downloads\LockBit-main.zip.crdownload
Filesize
292KB

MD5
68309717a780fd8b4d1a1680874d3e12

SHA1
4cfe4f5bbd98fa7e966184e647910d675cdbda43

SHA256
707bb3b958fbf4728d8a39b043e8df083e0fce1178dac60c0d984604ec23c881

SHA512
e16de0338b1e1487803d37da66d16bc2f2644138615cbce648ae355f088912a04d1ce128a44797ff8c4dfc53c998058432052746c98c687670e4100194013149

Download Submit
C:\jTzbWjxcI.README.txt
Filesize
6KB

MD5
dd746ace17e44ace00885b91400f11d5

SHA1
4a0302d2dca400598f396e4230fdae71779cbeaa

SHA256
b27c3c8a30faf7c76483b7e5d964ae85046a9713caa46508ee7a1e31b7dc6272

SHA512
8ac26aa7262fdf1afdc74e604720a79ebde076c75f460d7d5f57ff4d81dedb1ad471eb114ddd428c1934029746f5c222339090680bc77a6ea09ce329e1da3ef1

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-1337824034-2731376981-3755436523-1000\DDDDDDDDDDD
Filesize
129B

MD5
5bca40374056ebf86ece4c852cee3071

SHA1
76502faad0512af268ed16c85512f8f914903601

SHA256
26324b241c02930d3eecddf8e453c49d71a5b4cf414446156b2521566c9c8ac2

SHA512
7443bd2833941d56dcce3c33899c71a3431c87f438ef30c41d117dd4df9e4262be9559f803a46f89d520aedd44929fd2c6e29b6e4551682a4620beb988ca4f2d

Download Submit
\??\pipe\crashpad_2604_QDUYURDGFIFVCMGT
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1564-3700-0x00007FFA53350000-0x00007FFA53360000-memory.dmp

Filesize
64KB

Download
memory/1564-3603-0x00007FFA53350000-0x00007FFA53360000-memory.dmp

Filesize
64KB

Download
memory/1564-3604-0x00007FFA53350000-0x00007FFA53360000-memory.dmp

Filesize
64KB

Download
memory/1564-3678-0x00007FFA53350000-0x00007FFA53360000-memory.dmp

Filesize
64KB

Download
memory/1564-3858-0x00007FFA509F0000-0x00007FFA50A00000-memory.dmp

Filesize
64KB

Download
memory/1564-3598-0x00007FFA53350000-0x00007FFA53360000-memory.dmp

Filesize
64KB

Download
memory/1564-3859-0x00007FFA509F0000-0x00007FFA50A00000-memory.dmp

Filesize
64KB

Download
memory/1764-445-0x000001C329300000-0x000001C329301000-memory.dmp

Filesize
4KB

Download
memory/1764-442-0x000001C329300000-0x000001C329301000-memory.dmp

Filesize
4KB

Download
memory/1764-435-0x000001C329300000-0x000001C329301000-memory.dmp

Filesize
4KB

Download
memory/1764-440-0x000001C329300000-0x000001C329301000-memory.dmp

Filesize
4KB

Download
memory/1764-441-0x000001C329300000-0x000001C329301000-memory.dmp

Filesize
4KB

Download
memory/1764-433-0x000001C329300000-0x000001C329301000-memory.dmp

Filesize
4KB

Download
memory/1764-434-0x000001C329300000-0x000001C329301000-memory.dmp

Filesize
4KB

Download
memory/1764-443-0x000001C329300000-0x000001C329301000-memory.dmp

Filesize
4KB

Download
memory/1764-444-0x000001C329300000-0x000001C329301000-memory.dmp

Filesize
4KB

Download
memory/1916-5-0x0000019C0CB30000-0x0000019C0CB31000-memory.dmp

Filesize
4KB

Download
memory/1916-15-0x0000019C0CB30000-0x0000019C0CB31000-memory.dmp

Filesize
4KB

Download
memory/1916-12-0x0000019C0CB30000-0x0000019C0CB31000-memory.dmp

Filesize
4KB

Download
memory/1916-9-0x0000019C0CB30000-0x0000019C0CB31000-memory.dmp

Filesize
4KB

Download
memory/1916-11-0x0000019C0CB30000-0x0000019C0CB31000-memory.dmp

Filesize
4KB

Download
memory/1916-10-0x0000019C0CB30000-0x0000019C0CB31000-memory.dmp

Filesize
4KB

Download
memory/1916-3-0x0000019C0CB30000-0x0000019C0CB31000-memory.dmp

Filesize
4KB

Download
memory/1916-14-0x0000019C0CB30000-0x0000019C0CB31000-memory.dmp

Filesize
4KB

Download
memory/1916-4-0x0000019C0CB30000-0x0000019C0CB31000-memory.dmp

Filesize
4KB

Download
memory/1916-13-0x0000019C0CB30000-0x0000019C0CB31000-memory.dmp

Filesize
4KB

Download
memory/3576-0-0x00000000024F0000-0x00000000024F1000-memory.dmp

Filesize
4KB

Download
memory/3576-2-0x0000000000400000-0x00000000005F5000-memory.dmp

Filesize
2.0MB

Download
memory/3576-1-0x0000000000400000-0x00000000005F5000-memory.dmp

Filesize
2.0MB

Download
memory/3684-3869-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download