f12bc32940e33f0d4d9bcbf151cfc85f1e13084abed05c4b18dc48db2afdc4a4

Resubmissions

29-02-2024 02:43

240229-c7k46abe8w 10

29-02-2024 02:35

240229-c24z3sbf29 10

Analysis

max time kernel
600s
max time network
437s
platform
windows10-1703_x64
resource
win10-20240221-en
resource tags

arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
submitted
29-02-2024 02:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7d9dd36fff42c25d73b53b514ab43d95fc633d5b0407a70d36f329b3612e75d3.zip
Size

1.2MB
MD5

0d77c8bba799f8fa0abfa6c403b0adf1
SHA1

7600ecf45739b2ecbb71139b79e07218d0157a21
SHA256

7d9dd36fff42c25d73b53b514ab43d95fc633d5b0407a70d36f329b3612e75d3
SHA512

d889dc70964574ce6b24679e9cfb2b42e7bb97b57d3d12416302d05a6faf32a3fe64abd1725c6c5420712cce641a8bd7c4bb4d97eca849ef3dd78dc79f39966a
SSDEEP

24576:RgDvGJw7c+172QE8qnC/oRWVIH2DZiDsoALc+CC4CjFnyRdxFLdc:RXO172QE8qnC/6UZoAws4vxF2

Score

1^/10

Malware Config

Signatures

Modifies registry class 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Extensible Cache	PaintStudio.View.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:"	PaintStudio.View.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:"	PaintStudio.View.exe
Key created	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings	PaintStudio.View.exe
Key created	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\History	PaintStudio.View.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	PaintStudio.View.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix	PaintStudio.View.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	PaintStudio.View.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CacheLimit = "1"	PaintStudio.View.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\History\CacheLimit = "1"	PaintStudio.View.exe
Key created	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache	PaintStudio.View.exe
Key created	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Content	PaintStudio.View.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix	PaintStudio.View.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Content\CacheLimit = "51200"	PaintStudio.View.exe
Key created	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Cookies	PaintStudio.View.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
2368	PaintStudio.View.exe
4124	PaintStudio.View.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4560	mspaint.exe
4560	mspaint.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe
2368	PaintStudio.View.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeRestorePrivilege	4408	7zG.exe
Token: 35	4408	7zG.exe
Token: SeSecurityPrivilege	4408	7zG.exe
Token: SeSecurityPrivilege	4408	7zG.exe
Token: SeDebugPrivilege	2368	PaintStudio.View.exe
Token: SeDebugPrivilege	2368	PaintStudio.View.exe
Token: SeDebugPrivilege	2368	PaintStudio.View.exe
Token: SeDebugPrivilege	4124	PaintStudio.View.exe
Token: SeDebugPrivilege	4124	PaintStudio.View.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
4408	7zG.exe
4668	NOTEPAD.EXE

Suspicious use of SetWindowsHookEx 49 IoCs

pid	Process
4560	mspaint.exe
2368	PaintStudio.View.exe
3204	mspaint.exe
4124	PaintStudio.View.exe
2004	OpenWith.exe
2004	OpenWith.exe
2004	OpenWith.exe
2004	OpenWith.exe
2004	OpenWith.exe
2004	OpenWith.exe
2004	OpenWith.exe
2004	OpenWith.exe
2004	OpenWith.exe
2004	OpenWith.exe
2004	OpenWith.exe
2004	OpenWith.exe
2004	OpenWith.exe
1096	OpenWith.exe
1096	OpenWith.exe
1096	OpenWith.exe
1096	OpenWith.exe
1096	OpenWith.exe
1096	OpenWith.exe
1096	OpenWith.exe
1096	OpenWith.exe
1096	OpenWith.exe
1096	OpenWith.exe
1096	OpenWith.exe
1096	OpenWith.exe
1096	OpenWith.exe
1096	OpenWith.exe
1096	OpenWith.exe
1096	OpenWith.exe
1096	OpenWith.exe
1096	OpenWith.exe
1096	OpenWith.exe
1096	OpenWith.exe
1096	OpenWith.exe
2632	OpenWith.exe
2632	OpenWith.exe
2632	OpenWith.exe
2632	OpenWith.exe
2632	OpenWith.exe
2632	OpenWith.exe
2632	OpenWith.exe
2632	OpenWith.exe
2632	OpenWith.exe
2632	OpenWith.exe
2632	OpenWith.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2004 wrote to memory of 4668	2004	OpenWith.exe	90
PID 2004 wrote to memory of 4668	2004	OpenWith.exe	90
PID 1096 wrote to memory of 1284	1096	OpenWith.exe	92
PID 1096 wrote to memory of 1284	1096	OpenWith.exe	92

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\7d9dd36fff42c25d73b53b514ab43d95fc633d5b0407a70d36f329b3612e75d3.zip
1⤵
PID:4608

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:524

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\7d9dd36fff42c25d73b53b514ab43d95fc633d5b0407a70d36f329b3612e75d3\" -spe -an -ai#7zMap27993:208:7zEvent28876
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4408

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\7d9dd36fff42c25d73b53b514ab43d95fc633d5b0407a70d36f329b3612e75d3\LockBit-Black-Builder-main\B318F37E-49C8-4F61-B0F3-6FC2A76E39C9.jpeg" /ForceBootstrapPaint3D
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4560

C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
"C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe" -ServerName:Microsoft.MSPaint.AppX437q68k2qc2asvaagas2prv9tjej6ja9.mca
1⤵
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2368

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\7d9dd36fff42c25d73b53b514ab43d95fc633d5b0407a70d36f329b3612e75d3\LockBit-Black-Builder-main\Screenshot_20220921-210605_Samsung Internet.jpg" /ForceBootstrapPaint3D
1⤵
- Suspicious use of SetWindowsHookEx
PID:3204

C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
"C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe" -ServerName:Microsoft.MSPaint.AppX437q68k2qc2asvaagas2prv9tjej6ja9.mca
1⤵
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4124

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7d9dd36fff42c25d73b53b514ab43d95fc633d5b0407a70d36f329b3612e75d3\LockBit-Black-Builder-main\LockBit3Builder\Build\Password_exe.txt
1⤵
PID:2796

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7d9dd36fff42c25d73b53b514ab43d95fc633d5b0407a70d36f329b3612e75d3\LockBit-Black-Builder-main\LockBit3Builder\Build\Password_dll.txt
1⤵
PID:3676

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7d9dd36fff42c25d73b53b514ab43d95fc633d5b0407a70d36f329b3612e75d3\LockBit-Black-Builder-main\LockBit3Builder\Build\DECRYPTION_ID.txt
1⤵
PID:2084

C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7d9dd36fff42c25d73b53b514ab43d95fc633d5b0407a70d36f329b3612e75d3\LockBit-Black-Builder-main\LockBit3Builder\Build.bat
1⤵
PID:4572

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2004
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7d9dd36fff42c25d73b53b514ab43d95fc633d5b0407a70d36f329b3612e75d3\LockBit-Black-Builder-main\LockBit3Builder\config.json
  2⤵
  - Suspicious use of FindShellTrayWindow
  PID:4668

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1096
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7d9dd36fff42c25d73b53b514ab43d95fc633d5b0407a70d36f329b3612e75d3\LockBit-Black-Builder-main\LICENSE
  2⤵
  PID:1284

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2632

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\Projects.json

Filesize
541B

MD5
685e4231dc16a24e818ce4f7a9845bad

SHA1
b7a4ad31872321546bbfd08e2c729febccb271ea

SHA256
c7be865f75075de1234871770e1b1224b94fd55ea99b40e0f8d63c5399147bc3

SHA512
4a8d60679a8283200814ac89958947d149e5822e24903f8311f5511fd456dea7a05d56d4b68c28d7b66c6b9c6ee00e0044be98476a80a49736834e48cf6da832

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\Projects.json

Filesize
266B

MD5
1667a781a13ecc962a2893f95ba718b0

SHA1
9e4308c6d4afaf92f109100e1481a4ed9262c014

SHA256
8eb9980ba280503d3d4e620a92fcf7c07b711c3066ec8928f7ee9ed3d7894558

SHA512
0eef2c1471bd1db9b88995d2983586a9e09ecf35182c84936813508800bce54f7109f44c51bce9b9645f5a5b1d2912677ea2b3c3ed580a5312fcfaf3d736b9c3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\cloudCommunitySettings.json

Filesize
2KB

MD5
404a3ec24e3ebf45be65e77f75990825

SHA1
1e05647cf0a74cedfdeabfa3e8ee33b919780a61

SHA256
cc45905af3aaa62601a69c748a06a2fa48eca3b28d44d8ec18764a7e8e4c3da2

SHA512
a55382b72267375821b0a229d3529ed54cef0f295f550d1e95661bafccec606aa1cd72e059d37d78e7d2927ae72e2919941251d233152f5eeb32ffdfc96023e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7d9dd36fff42c25d73b53b514ab43d95fc633d5b0407a70d36f329b3612e75d3\LockBit-Black-Builder-main\B318F37E-49C8-4F61-B0F3-6FC2A76E39C9.jpeg

Filesize
69KB

MD5
f2430f96603ba2513df0987af8e5ab65

SHA1
4d8c47d649c753b1b629825cfc13f0d6a87a8586

SHA256
2e0ca7909d2843b8c3ab104a205cb3eabdb1da9d772271218a77efa0e91947bd

SHA512
25909ed72bf87b3c5edef0e74602837b192b36df279c2bd74867f494835508f98ff3940b5de013e7c8c1dd1201a0f07d2fb1b479b2dfcc2f81caedc10e593949

Download Submit
C:\Users\Admin\AppData\Local\Temp\7d9dd36fff42c25d73b53b514ab43d95fc633d5b0407a70d36f329b3612e75d3\LockBit-Black-Builder-main\LICENSE

Filesize
34KB

MD5
1ebbd3e34237af26da5dc08a4e440464

SHA1
31a3d460bb3c7d98845187c716a30db81c44b615

SHA256
3972dc9744f6499f0f9b2dbf76696f2ae7ad8af9b23dde66d6af86c9dfb36986

SHA512
d361e5e8201481c6346ee6a886592c51265112be550d5224f1a7a6e116255c2f1ab8788df579d9b8372ed7bfd19bac4b6e70e00b472642966ab5b319b99a2686

Download Submit
C:\Users\Admin\AppData\Local\Temp\7d9dd36fff42c25d73b53b514ab43d95fc633d5b0407a70d36f329b3612e75d3\LockBit-Black-Builder-main\LockBit3Builder\Build.bat

Filesize
733B

MD5
1905cc9973206fea5050b737f9303fb4

SHA1
497524177d9478a4b5dca3e73cc230be6abf4ce0

SHA256
e2f5b93040d57de6251d16256bcd04aa8eb337bde87308e602f01070efd345fb

SHA512
95bae9406d01083f6fe6916ecf8e889afe20ff5863070f1787dc7a60d2d1d5af2cf3fd481a3c4fb531f16dd2cb7a685002aaac1dc907cf189c19c60f2816dd76

Download Submit
C:\Users\Admin\AppData\Local\Temp\7d9dd36fff42c25d73b53b514ab43d95fc633d5b0407a70d36f329b3612e75d3\LockBit-Black-Builder-main\LockBit3Builder\Build\DECRYPTION_ID.txt

Filesize
16B

MD5
66fada8fcdaf1a5028f654e9eb557f53

SHA1
3cacba05f54399b9909c9f84412c0ac8e9dc537c

SHA256
d5d9b4cf26c57c01e1f75d3888acf1d0be760f0e77cff8268741f515bdc09b8b

SHA512
3cc21e9cfd48eb4f1fbe8f26cfb66afb0e8122c29e9d861d9ea34b3e87ed6d2f5939b8edc618072597b23e39fe2376998baa91d5572bafce8118133233a5302e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7d9dd36fff42c25d73b53b514ab43d95fc633d5b0407a70d36f329b3612e75d3\LockBit-Black-Builder-main\LockBit3Builder\Build\Password_dll.txt

Filesize
1KB

MD5
7eb31ad3eb78323a3e46851dbe0cc3da

SHA1
3fc122fb34ba75b6662ff2e1f79be79f19f6e95f

SHA256
60f00b22305372a4373193678fa43b2d5b995d6506adeac97f44b617921c5ea3

SHA512
89d2832276f0f5adba69322643e7504e7a3d51774212ce695254a7083ff21a04bbc769832726f2a2dfb8bc7898ebba80643df114fdebc7cc6372726fc890d572

Download Submit
C:\Users\Admin\AppData\Local\Temp\7d9dd36fff42c25d73b53b514ab43d95fc633d5b0407a70d36f329b3612e75d3\LockBit-Black-Builder-main\LockBit3Builder\Build\Password_exe.txt

Filesize
2KB

MD5
51c137a112527afc7bdc375b3f3da3e3

SHA1
d90cad116bf2519ecf26d0e350ad083a0220ee71

SHA256
204137ad9c040b8e6005e6ae6536dfa52c1cdea3d721f50c2dc5dc5976b4d866

SHA512
968268a6ded501bbd88abfded4697ffad193097bc95a433b3fadda0c22c2e1192f581b9017d87b3ceafa9b25169f8745f81ee4598159ed9566d9316c01cdfc62

Download Submit
C:\Users\Admin\AppData\Local\Temp\7d9dd36fff42c25d73b53b514ab43d95fc633d5b0407a70d36f329b3612e75d3\LockBit-Black-Builder-main\LockBit3Builder\config.json

Filesize
8KB

MD5
12d844f76f1b59029eb6dd618d74c537

SHA1
7f971c7abb62a16c42b07ad8ce6601f0ffe3bb8d

SHA256
af3f8aa4a82e548a4e0c3fbeec1f8199d540177c5ccdcc70b18325e736564d73

SHA512
df6359a3551f32c9f06a2073de46c88366b5d4506fe59d9eda8e25d32de4ffe1be344e03f87c70d294c63f7a2a86fb052e26b10a09850a96515c228df8f2301a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7d9dd36fff42c25d73b53b514ab43d95fc633d5b0407a70d36f329b3612e75d3\LockBit-Black-Builder-main\Screenshot_20220921-210605_Samsung Internet.jpg

Filesize
193KB

MD5
32efeaa214d2f3c0a64e215080b15f46

SHA1
9892ccbe6767d879f87ea7307da3ecab27ae96cc

SHA256
947a686fb4bbdf6d4bd82abe7442653d107549cb8e70640665950857942822c8

SHA512
e1a166eae8a82b9dc13124959c588e8bdb6b74504cf1d109b66d205c8ef6a6ec3b2e6a56c390089c4d48221d9999f48b1db3b8ebb2a9f811b321dd64a30c7787

Download Submit