Analysis Overview
Threat Level: Known bad
The file https://github.com/3xp0rt/LockBit-Black-Builder was found to be: Known bad.
Malicious Activity Summary
BlackMatter Ransomware
Executes dropped EXE
Reads user/profile data of web browsers
Checks computer location settings
Drops desktop.ini file(s)
Suspicious use of NtSetInformationThreadHideFromDebugger
Sets desktop wallpaper using registry
Enumerates physical storage devices
Program crash
Enumerates system info in registry
Opens file in notepad (likely ransom note)
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Modifies registry class
Suspicious use of SetWindowsHookEx
Modifies Control Panel
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Analysis: static1
Detonation Overview
Reported: 2022-09-22 10:08
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2022-09-22 10:08
Reported: 2022-09-22 10:13
Platform: win10v2004-20220901-en
Max time kernel: 243s
Max time network: 243s
Signatures
BlackMatter Ransomware
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\LockBit30\keygen.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\LockBit30\builder.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\LockBit30\builder.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\LockBit30\builder.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\LockBit30\builder.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\LockBit30\builder.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\LockBit30\builder.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A |
| N/A | N/A | C:\ProgramData\F497.tmp | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\LockBit30\Build\LB3Decryptor.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation | C:\ProgramData\F497.tmp | N/A |
Reads user/profile data of web browsers
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\$Recycle.Bin\S-1-5-21-929662420-1054238289-2961194603-1000\desktop.ini | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\Desktop\WallPaper = "C:\\ProgramData\\KmNsi9A4W.bmp" | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\Desktop\Wallpaper = "C:\\ProgramData\\KmNsi9A4W.bmp" | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\Desktop\WallPaper | C:\Users\Admin\Desktop\LockBit30\Build\LB3Decryptor.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\ProgramData\F497.tmp | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\WerFault.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Control Panel
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\Desktop | C:\Users\Admin\Desktop\LockBit30\Build\LB3Decryptor.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\Desktop | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\Desktop\WallpaperStyle = "10" | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\KmNsi9A4W\DefaultIcon\ = "C:\\ProgramData\\KmNsi9A4W.ico" | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\KMNSI9A4W\DEFAULTICON | C:\Users\Admin\Desktop\LockBit30\Build\LB3Decryptor.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\.KMNSI9A4W | C:\Users\Admin\Desktop\LockBit30\Build\LB3Decryptor.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\KmNsi9A4W | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\KmNsi9A4W\DefaultIcon | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\KmNsi9A4W | C:\Users\Admin\Desktop\LockBit30\Build\LB3Decryptor.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.KmNsi9A4W | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.KmNsi9A4W\ = "KmNsi9A4W" | C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://github.com/3xp0rt/LockBit-Black-Builder
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa998c4f50,0x7ffa998c4f60,0x7ffa998c4f70
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1628,5482320622942567832,1452747941174074488,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1660 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1628,5482320622942567832,1452747941174074488,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2016 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1628,5482320622942567832,1452747941174074488,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2276 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,5482320622942567832,1452747941174074488,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3092 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,5482320622942567832,1452747941174074488,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3096 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,5482320622942567832,1452747941174074488,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4364 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1628,5482320622942567832,1452747941174074488,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4428 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,5482320622942567832,1452747941174074488,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4724 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,5482320622942567832,1452747941174074488,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4776 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1628,5482320622942567832,1452747941174074488,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,5482320622942567832,1452747941174074488,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5032 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,5482320622942567832,1452747941174074488,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4512 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,5482320622942567832,1452747941174074488,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 468 -p 5008 -ip 5008
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 5008 -s 2460
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1628,5482320622942567832,1452747941174074488,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5456 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1628,5482320622942567832,1452747941174074488,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_LockBit-Black-Builder-main.zip\LockBit-Black-Builder-main\README.md
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\LockBit30\" -spe -an -ai#7zMap17982:74:7zEvent20803
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\LockBit30\config.json
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\LockBit30\Build.bat" "
C:\Users\Admin\Desktop\LockBit30\keygen.exe
keygen -path C:\Users\Admin\Desktop\LockBit30\Build -pubkey pub.key -privkey priv.key
C:\Users\Admin\Desktop\LockBit30\builder.exe
builder -type dec -privkey C:\Users\Admin\Desktop\LockBit30\Build\priv.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit30\Build\LB3Decryptor.exe
C:\Users\Admin\Desktop\LockBit30\builder.exe
builder -type enc -exe -pubkey C:\Users\Admin\Desktop\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe
C:\Users\Admin\Desktop\LockBit30\builder.exe
builder -type enc -exe -pass -pubkey C:\Users\Admin\Desktop\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit30\Build\LB3_pass.exe
C:\Users\Admin\Desktop\LockBit30\builder.exe
builder -type enc -dll -pubkey C:\Users\Admin\Desktop\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit30\Build\LB3_Rundll32.dll
C:\Users\Admin\Desktop\LockBit30\builder.exe
builder -type enc -dll -pass -pubkey C:\Users\Admin\Desktop\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit30\Build\LB3_Rundll32_pass.dll
C:\Users\Admin\Desktop\LockBit30\builder.exe
builder -type enc -ref -pubkey C:\Users\Admin\Desktop\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit30\Build\LB3_ReflectiveDll_DllMain.dll
C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe
"C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe"
C:\ProgramData\F497.tmp
"C:\ProgramData\F497.tmp"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\F497.tmp >> NUL
C:\Users\Admin\Desktop\LockBit30\Build\LB3Decryptor.exe
"C:\Users\Admin\Desktop\LockBit30\Build\LB3Decryptor.exe"
Network
Files
\??\pipe\crashpad_3388_PEGEIJNERMQXTKCS
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/4988-133-0x0000000000000000-mapping.dmp
C:\Users\Admin\Desktop\LockBit30\config.json
| MD5 | a6ba7b662de10b45ebe5b6b7edaa62a9 |
| SHA1 | f3ed67bdaef070cd5a213b89d53c5b8022d6f266 |
| SHA256 | 3f7518d88aefd4b1e0a1d6f9748f9a9960c1271d679600e34f5065d8df8c9dc8 |
| SHA512 | 7fc9d4d61742a26def74c7dd86838482e3fc1e4e065cb3a06ae151e2c8614c9c36e8816ae0a3560ad5dd3cc02be131cb232c7deacc7f7b5a611e8eec790feea1 |
memory/3856-135-0x0000000000000000-mapping.dmp
C:\Users\Admin\Desktop\LockBit30\Build.bat
| MD5 | 4e46e28b2e61643f6af70a8b19e5cb1f |
| SHA1 | 804a1d0c4a280b18e778e4b97f85562fa6d5a4e6 |
| SHA256 | 8e83a1727696ced618289f79674b97305d88beeeabf46bd25fc77ac53c1ae339 |
| SHA512 | 009b17b515ff0ea612e54d8751eef07f1e2b54db07e6cd69a95e7adf775f3c79a0ea91bff2fe593f2314807fdc00c75d80f1807b7dbe90f0fcf94607e675047b |
memory/3304-137-0x0000000000000000-mapping.dmp
C:\Users\Admin\Desktop\LockBit30\keygen.exe
| MD5 | 71c3b2f765b04d0b7ea0328f6ce0c4e2 |
| SHA1 | bf8ecb6519f16a4838ceb0a49097bcc3ef30f3c4 |
| SHA256 | ea6d4dedd8c85e4a6bb60408a0dc1d56def1f4ad4f069c730dc5431b1c23da37 |
| SHA512 | 1923db134d7cee25389a07e4d48894dde7ee8f70d008cd890dd34a03b2741a54ec1555e6821755e5af8eae377ef5005e3f9afceb4681059bc1880276e9bcf035 |
C:\Users\Admin\Desktop\LockBit30\keygen.exe
| MD5 | 71c3b2f765b04d0b7ea0328f6ce0c4e2 |
| SHA1 | bf8ecb6519f16a4838ceb0a49097bcc3ef30f3c4 |
| SHA256 | ea6d4dedd8c85e4a6bb60408a0dc1d56def1f4ad4f069c730dc5431b1c23da37 |
| SHA512 | 1923db134d7cee25389a07e4d48894dde7ee8f70d008cd890dd34a03b2741a54ec1555e6821755e5af8eae377ef5005e3f9afceb4681059bc1880276e9bcf035 |
memory/3064-140-0x0000000000000000-mapping.dmp
C:\Users\Admin\Desktop\LockBit30\builder.exe
| MD5 | c2bc344f6dde0573ea9acdfb6698bf4c |
| SHA1 | d6ae7dc2462c8c35c4a074b0a62f07cfef873c77 |
| SHA256 | a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db |
| SHA512 | d60cf86c0267cd4e88d21768665bbb43f3048dace1e0013b2361c5bfabf2656ff6215dfb75b6932e09545473305b4f707c069721cdde317b1df1709cd9fc61c0 |
C:\Users\Admin\Desktop\LockBit30\builder.exe
| MD5 | c2bc344f6dde0573ea9acdfb6698bf4c |
| SHA1 | d6ae7dc2462c8c35c4a074b0a62f07cfef873c77 |
| SHA256 | a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db |
| SHA512 | d60cf86c0267cd4e88d21768665bbb43f3048dace1e0013b2361c5bfabf2656ff6215dfb75b6932e09545473305b4f707c069721cdde317b1df1709cd9fc61c0 |
C:\Users\Admin\Desktop\LockBit30\Build\priv.key
| MD5 | ec90c92f804dc85997133678bf6eff46 |
| SHA1 | 7a509cbdf152e72f6a586d1aca5ecea38d28889f |
| SHA256 | 34e3fae1bfb60ffe00c78341f21b0453898d8da4d272661a7cc99f55ef95ea25 |
| SHA512 | e6448c0cce0d7e9406ad5f40f45d1bdd512d2716c16ce05937df74aaa34448b79e66a3be34cef88d753a136c82e5f2e4e381c550c8d3d7e6b9f3e0b174f37e92 |
C:\Users\Admin\Desktop\LockBit30\config.json
| MD5 | a4246094ee4b631eec4edbe1db24b830 |
| SHA1 | c2078b62d63bcc54cc0d3cd92305cb0c3b7960c4 |
| SHA256 | 6fbd1af8af5a2bb2eb69f4e753bf41815aca0596edeed640b29753b4758b1801 |
| SHA512 | 43caa909e7cc8e535d46e078f314dd1f79d1f44b1fff7706119e68f90481f33f4191f29da0fd0e1c22b2d32f0769c485aa550ca83f4ce1e3f1a16a7a09ffe396 |
memory/3288-145-0x0000000000000000-mapping.dmp
C:\Users\Admin\Desktop\LockBit30\builder.exe
| MD5 | c2bc344f6dde0573ea9acdfb6698bf4c |
| SHA1 | d6ae7dc2462c8c35c4a074b0a62f07cfef873c77 |
| SHA256 | a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db |
| SHA512 | d60cf86c0267cd4e88d21768665bbb43f3048dace1e0013b2361c5bfabf2656ff6215dfb75b6932e09545473305b4f707c069721cdde317b1df1709cd9fc61c0 |
C:\Users\Admin\Desktop\LockBit30\Build\pub.key
| MD5 | 6c7b8d3d631b0af8a5b98797b3cbf031 |
| SHA1 | 8d7599f8128330b4d130ecec8f91163219aa832c |
| SHA256 | e8da230ced240f1db3c3d6b68bb058756d65fe35a2291bf6fc82628f4385cb74 |
| SHA512 | 2fdae7138cdabfa47cb4074f2dcab946652850e40f2fccffa1f3693a208e71da952fa18433c580c5d692dd02b3dd68196c08a86c618e5d0b0f2dbfcfcf0dffb0 |
memory/4760-148-0x0000000000000000-mapping.dmp
C:\Users\Admin\Desktop\LockBit30\builder.exe
| MD5 | c2bc344f6dde0573ea9acdfb6698bf4c |
| SHA1 | d6ae7dc2462c8c35c4a074b0a62f07cfef873c77 |
| SHA256 | a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db |
| SHA512 | d60cf86c0267cd4e88d21768665bbb43f3048dace1e0013b2361c5bfabf2656ff6215dfb75b6932e09545473305b4f707c069721cdde317b1df1709cd9fc61c0 |
C:\Users\Admin\Desktop\LockBit30\builder.exe
| MD5 | c2bc344f6dde0573ea9acdfb6698bf4c |
| SHA1 | d6ae7dc2462c8c35c4a074b0a62f07cfef873c77 |
| SHA256 | a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db |
| SHA512 | d60cf86c0267cd4e88d21768665bbb43f3048dace1e0013b2361c5bfabf2656ff6215dfb75b6932e09545473305b4f707c069721cdde317b1df1709cd9fc61c0 |
memory/1736-150-0x0000000000000000-mapping.dmp
C:\Users\Admin\Desktop\LockBit30\builder.exe
| MD5 | c2bc344f6dde0573ea9acdfb6698bf4c |
| SHA1 | d6ae7dc2462c8c35c4a074b0a62f07cfef873c77 |
| SHA256 | a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db |
| SHA512 | d60cf86c0267cd4e88d21768665bbb43f3048dace1e0013b2361c5bfabf2656ff6215dfb75b6932e09545473305b4f707c069721cdde317b1df1709cd9fc61c0 |
memory/1796-152-0x0000000000000000-mapping.dmp
memory/4384-154-0x0000000000000000-mapping.dmp
C:\Users\Admin\Desktop\LockBit30\builder.exe
| MD5 | c2bc344f6dde0573ea9acdfb6698bf4c |
| SHA1 | d6ae7dc2462c8c35c4a074b0a62f07cfef873c77 |
| SHA256 | a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db |
| SHA512 | d60cf86c0267cd4e88d21768665bbb43f3048dace1e0013b2361c5bfabf2656ff6215dfb75b6932e09545473305b4f707c069721cdde317b1df1709cd9fc61c0 |
C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe
| MD5 | c123c2a1c3c44d05bb5cdd02a0f7073b |
| SHA1 | 772ab17398cae353db0277964c697a7eb19f5a33 |
| SHA256 | fe48f1d26bed003dcde6576693159a53c3f9750bd1980c9c59a613d3855821d1 |
| SHA512 | d6e1d07bc4e9b7a839f50d1a1efefaa8d61143cbd573194524ebb037ecffa71202907cbbf59714896bf4aa5bb5b2009d386e522a3ad278d956783df436defbb6 |
C:\Users\Admin\Desktop\LockBit30\Build\LB3.exe
| MD5 | c123c2a1c3c44d05bb5cdd02a0f7073b |
| SHA1 | 772ab17398cae353db0277964c697a7eb19f5a33 |
| SHA256 | fe48f1d26bed003dcde6576693159a53c3f9750bd1980c9c59a613d3855821d1 |
| SHA512 | d6e1d07bc4e9b7a839f50d1a1efefaa8d61143cbd573194524ebb037ecffa71202907cbbf59714896bf4aa5bb5b2009d386e522a3ad278d956783df436defbb6 |
C:\$Recycle.Bin\S-1-5-21-929662420-1054238289-2961194603-1000\RRRRRRRRRRR
| MD5 | 0ad8363f6e24361c4a093d612fa025ef |
| SHA1 | 8da1983f8193d32959100ac32a9e8fbe016e8ae4 |
| SHA256 | a314d39c653d722e664106888620cc838584dfbaf078577f14e623cbb8d23dea |
| SHA512 | 968b67237a45cf056b5081448a1d1527eede3b07ea89a4867d38d72bf847cb075dfba1df91dbc1c538212c8ca7f322699fbbe522b7a75ba4a426dcdb011a7dd1 |
C:\$Recycle.Bin\S-1-5-21-929662420-1054238289-2961194603-1000\UUUUUUUUUUU
| MD5 | 0ad8363f6e24361c4a093d612fa025ef |
| SHA1 | 8da1983f8193d32959100ac32a9e8fbe016e8ae4 |
| SHA256 | a314d39c653d722e664106888620cc838584dfbaf078577f14e623cbb8d23dea |
| SHA512 | 968b67237a45cf056b5081448a1d1527eede3b07ea89a4867d38d72bf847cb075dfba1df91dbc1c538212c8ca7f322699fbbe522b7a75ba4a426dcdb011a7dd1 |
C:\$Recycle.Bin\S-1-5-21-929662420-1054238289-2961194603-1000\TTTTTTTTTTT
| MD5 | 0ad8363f6e24361c4a093d612fa025ef |
| SHA1 | 8da1983f8193d32959100ac32a9e8fbe016e8ae4 |
| SHA256 | a314d39c653d722e664106888620cc838584dfbaf078577f14e623cbb8d23dea |
| SHA512 | 968b67237a45cf056b5081448a1d1527eede3b07ea89a4867d38d72bf847cb075dfba1df91dbc1c538212c8ca7f322699fbbe522b7a75ba4a426dcdb011a7dd1 |
C:\$Recycle.Bin\S-1-5-21-929662420-1054238289-2961194603-1000\SSSSSSSSSSS
| MD5 | 0ad8363f6e24361c4a093d612fa025ef |
| SHA1 | 8da1983f8193d32959100ac32a9e8fbe016e8ae4 |
| SHA256 | a314d39c653d722e664106888620cc838584dfbaf078577f14e623cbb8d23dea |
| SHA512 | 968b67237a45cf056b5081448a1d1527eede3b07ea89a4867d38d72bf847cb075dfba1df91dbc1c538212c8ca7f322699fbbe522b7a75ba4a426dcdb011a7dd1 |
C:\$Recycle.Bin\S-1-5-21-929662420-1054238289-2961194603-1000\QQQQQQQQQQQ
| MD5 | 0ad8363f6e24361c4a093d612fa025ef |
| SHA1 | 8da1983f8193d32959100ac32a9e8fbe016e8ae4 |
| SHA256 | a314d39c653d722e664106888620cc838584dfbaf078577f14e623cbb8d23dea |
| SHA512 | 968b67237a45cf056b5081448a1d1527eede3b07ea89a4867d38d72bf847cb075dfba1df91dbc1c538212c8ca7f322699fbbe522b7a75ba4a426dcdb011a7dd1 |
C:\$Recycle.Bin\S-1-5-21-929662420-1054238289-2961194603-1000\YYYYYYYYYYY
| MD5 | 0ad8363f6e24361c4a093d612fa025ef |
| SHA1 | 8da1983f8193d32959100ac32a9e8fbe016e8ae4 |
| SHA256 | a314d39c653d722e664106888620cc838584dfbaf078577f14e623cbb8d23dea |
| SHA512 | 968b67237a45cf056b5081448a1d1527eede3b07ea89a4867d38d72bf847cb075dfba1df91dbc1c538212c8ca7f322699fbbe522b7a75ba4a426dcdb011a7dd1 |
C:\$Recycle.Bin\S-1-5-21-929662420-1054238289-2961194603-1000\XXXXXXXXXXX
| MD5 | 0ad8363f6e24361c4a093d612fa025ef |
| SHA1 | 8da1983f8193d32959100ac32a9e8fbe016e8ae4 |
| SHA256 | a314d39c653d722e664106888620cc838584dfbaf078577f14e623cbb8d23dea |
| SHA512 | 968b67237a45cf056b5081448a1d1527eede3b07ea89a4867d38d72bf847cb075dfba1df91dbc1c538212c8ca7f322699fbbe522b7a75ba4a426dcdb011a7dd1 |
C:\$Recycle.Bin\S-1-5-21-929662420-1054238289-2961194603-1000\WWWWWWWWWWW
| MD5 | 0ad8363f6e24361c4a093d612fa025ef |
| SHA1 | 8da1983f8193d32959100ac32a9e8fbe016e8ae4 |
| SHA256 | a314d39c653d722e664106888620cc838584dfbaf078577f14e623cbb8d23dea |
| SHA512 | 968b67237a45cf056b5081448a1d1527eede3b07ea89a4867d38d72bf847cb075dfba1df91dbc1c538212c8ca7f322699fbbe522b7a75ba4a426dcdb011a7dd1 |
C:\$Recycle.Bin\S-1-5-21-929662420-1054238289-2961194603-1000\VVVVVVVVVVV
| MD5 | 0ad8363f6e24361c4a093d612fa025ef |
| SHA1 | 8da1983f8193d32959100ac32a9e8fbe016e8ae4 |
| SHA256 | a314d39c653d722e664106888620cc838584dfbaf078577f14e623cbb8d23dea |
| SHA512 | 968b67237a45cf056b5081448a1d1527eede3b07ea89a4867d38d72bf847cb075dfba1df91dbc1c538212c8ca7f322699fbbe522b7a75ba4a426dcdb011a7dd1 |
C:\$Recycle.Bin\S-1-5-21-929662420-1054238289-2961194603-1000\PPPPPPPPPPP
| MD5 | 0ad8363f6e24361c4a093d612fa025ef |
| SHA1 | 8da1983f8193d32959100ac32a9e8fbe016e8ae4 |
| SHA256 | a314d39c653d722e664106888620cc838584dfbaf078577f14e623cbb8d23dea |
| SHA512 | 968b67237a45cf056b5081448a1d1527eede3b07ea89a4867d38d72bf847cb075dfba1df91dbc1c538212c8ca7f322699fbbe522b7a75ba4a426dcdb011a7dd1 |
C:\$Recycle.Bin\S-1-5-21-929662420-1054238289-2961194603-1000\OOOOOOOOOOO
| MD5 | 0ad8363f6e24361c4a093d612fa025ef |
| SHA1 | 8da1983f8193d32959100ac32a9e8fbe016e8ae4 |
| SHA256 | a314d39c653d722e664106888620cc838584dfbaf078577f14e623cbb8d23dea |
| SHA512 | 968b67237a45cf056b5081448a1d1527eede3b07ea89a4867d38d72bf847cb075dfba1df91dbc1c538212c8ca7f322699fbbe522b7a75ba4a426dcdb011a7dd1 |
C:\$Recycle.Bin\S-1-5-21-929662420-1054238289-2961194603-1000\NNNNNNNNNNN
| MD5 | 0ad8363f6e24361c4a093d612fa025ef |
| SHA1 | 8da1983f8193d32959100ac32a9e8fbe016e8ae4 |
| SHA256 | a314d39c653d722e664106888620cc838584dfbaf078577f14e623cbb8d23dea |
| SHA512 | 968b67237a45cf056b5081448a1d1527eede3b07ea89a4867d38d72bf847cb075dfba1df91dbc1c538212c8ca7f322699fbbe522b7a75ba4a426dcdb011a7dd1 |
C:\$Recycle.Bin\S-1-5-21-929662420-1054238289-2961194603-1000\MMMMMMMMMMM
| MD5 | 0ad8363f6e24361c4a093d612fa025ef |
| SHA1 | 8da1983f8193d32959100ac32a9e8fbe016e8ae4 |
| SHA256 | a314d39c653d722e664106888620cc838584dfbaf078577f14e623cbb8d23dea |
| SHA512 | 968b67237a45cf056b5081448a1d1527eede3b07ea89a4867d38d72bf847cb075dfba1df91dbc1c538212c8ca7f322699fbbe522b7a75ba4a426dcdb011a7dd1 |
C:\$Recycle.Bin\S-1-5-21-929662420-1054238289-2961194603-1000\LLLLLLLLLLL
| MD5 | 0ad8363f6e24361c4a093d612fa025ef |
| SHA1 | 8da1983f8193d32959100ac32a9e8fbe016e8ae4 |
| SHA256 | a314d39c653d722e664106888620cc838584dfbaf078577f14e623cbb8d23dea |
| SHA512 | 968b67237a45cf056b5081448a1d1527eede3b07ea89a4867d38d72bf847cb075dfba1df91dbc1c538212c8ca7f322699fbbe522b7a75ba4a426dcdb011a7dd1 |
C:\$Recycle.Bin\S-1-5-21-929662420-1054238289-2961194603-1000\KKKKKKKKKKK
| MD5 | 0ad8363f6e24361c4a093d612fa025ef |
| SHA1 | 8da1983f8193d32959100ac32a9e8fbe016e8ae4 |
| SHA256 | a314d39c653d722e664106888620cc838584dfbaf078577f14e623cbb8d23dea |
| SHA512 | 968b67237a45cf056b5081448a1d1527eede3b07ea89a4867d38d72bf847cb075dfba1df91dbc1c538212c8ca7f322699fbbe522b7a75ba4a426dcdb011a7dd1 |
C:\$Recycle.Bin\S-1-5-21-929662420-1054238289-2961194603-1000\JJJJJJJJJJJ
| MD5 | 0ad8363f6e24361c4a093d612fa025ef |
| SHA1 | 8da1983f8193d32959100ac32a9e8fbe016e8ae4 |
| SHA256 | a314d39c653d722e664106888620cc838584dfbaf078577f14e623cbb8d23dea |
| SHA512 | 968b67237a45cf056b5081448a1d1527eede3b07ea89a4867d38d72bf847cb075dfba1df91dbc1c538212c8ca7f322699fbbe522b7a75ba4a426dcdb011a7dd1 |
C:\$Recycle.Bin\S-1-5-21-929662420-1054238289-2961194603-1000\IIIIIIIIIII
| MD5 | 0ad8363f6e24361c4a093d612fa025ef |
| SHA1 | 8da1983f8193d32959100ac32a9e8fbe016e8ae4 |
| SHA256 | a314d39c653d722e664106888620cc838584dfbaf078577f14e623cbb8d23dea |
| SHA512 | 968b67237a45cf056b5081448a1d1527eede3b07ea89a4867d38d72bf847cb075dfba1df91dbc1c538212c8ca7f322699fbbe522b7a75ba4a426dcdb011a7dd1 |
C:\$Recycle.Bin\S-1-5-21-929662420-1054238289-2961194603-1000\HHHHHHHHHHH
| MD5 | 0ad8363f6e24361c4a093d612fa025ef |
| SHA1 | 8da1983f8193d32959100ac32a9e8fbe016e8ae4 |
| SHA256 | a314d39c653d722e664106888620cc838584dfbaf078577f14e623cbb8d23dea |
| SHA512 | 968b67237a45cf056b5081448a1d1527eede3b07ea89a4867d38d72bf847cb075dfba1df91dbc1c538212c8ca7f322699fbbe522b7a75ba4a426dcdb011a7dd1 |
C:\$Recycle.Bin\S-1-5-21-929662420-1054238289-2961194603-1000\GGGGGGGGGGG
| MD5 | 0ad8363f6e24361c4a093d612fa025ef |
| SHA1 | 8da1983f8193d32959100ac32a9e8fbe016e8ae4 |
| SHA256 | a314d39c653d722e664106888620cc838584dfbaf078577f14e623cbb8d23dea |
| SHA512 | 968b67237a45cf056b5081448a1d1527eede3b07ea89a4867d38d72bf847cb075dfba1df91dbc1c538212c8ca7f322699fbbe522b7a75ba4a426dcdb011a7dd1 |
C:\$Recycle.Bin\S-1-5-21-929662420-1054238289-2961194603-1000\FFFFFFFFFFF
C:\$Recycle.Bin\S-1-5-21-929662420-1054238289-2961194603-1000\EEEEEEEEEEE
C:\$Recycle.Bin\S-1-5-21-929662420-1054238289-2961194603-1000\DDDDDDDDDDD
C:\$Recycle.Bin\S-1-5-21-929662420-1054238289-2961194603-1000\CCCCCCCCCCC
C:\$Recycle.Bin\S-1-5-21-929662420-1054238289-2961194603-1000\BBBBBBBBBBB
C:\$Recycle.Bin\S-1-5-21-929662420-1054238289-2961194603-1000\AAAAAAAAAAA
C:\$Recycle.Bin\S-1-5-21-929662420-1054238289-2961194603-1000\desktop.ini
C:\Users\Admin\Downloads\LockBit-Black-Builder-main.zip
C:\Users\Admin\Desktop\LockBit30\Build\Password_exe.txt
C:\Users\Admin\Desktop\LockBit30\Build\Password_dll.txt
C:\Users\Admin\Desktop\LockBit30\Build\DECRYPTION_ID.txt
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Browser
memory/3824-191-0x0000000000000000-mapping.dmp
memory/4980-192-0x0000000000000000-mapping.dmp
memory/3824-193-0x0000000000400000-0x0000000000407000-memory.dmp