Overview

overview

10

Static

static

1

URLScan

urlscan

https://github.com/p...

windows10-2004-x64

10

Analysis

  • max time kernel
    222s
  • max time network
    204s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-08-2024 21:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://github.com/petikvx/LockBit-Black-Builder

Score
10/10
lockbitdefense_evasiondiscoverypersistenceprivilege_escalationransomwarespywarestealer

Malware Config

Extracted

Path

C:\X2Ykx9bnQ.README.txt

Family

lockbit

Ransom Note
~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~ >>>> Your data are stolen and encrypted The data will be published on TOR website if you do not pay the ransom Links for Tor Browser: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion Links for the normal browser http://lockbitapt.uz http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly >>>> What guarantees that we will not deceive you? We are not a politically motivated group and we do not need anything other than your money. If you pay, we will provide you the programs for decryption and we will delete your data. Life is too short to be sad. Be not sad, money, it is only paper. If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. Therefore to us our reputation is very important. We attack the companies worldwide and there is no dissatisfied victim after payment. You can obtain information about us on twitter https://twitter.com/hashtag/lockbit?f=live >>>> You need contact us and decrypt one file for free on these TOR sites with your personal DECRYPTION ID Download and install TOR Browser https://www.torproject.org/ Write to a chat and wait for the answer, we will always answer you. Sometimes you will need to wait for our answer because we attack many companies. Links for Tor Browser: http://lockbitsupt7nr3fa6e7xyb73lk6bw6rcneqhoyblniiabj4uwvzapqd.onion http://lockbitsupuhswh4izvoucoxsbnotkmgq6durg7kficg6u33zfvq3oyd.onion http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion Link for the normal browser http://lockbitsupp.uz If you do not get an answer in the chat room for a long time, the site does not work and in any other emergency, you can contact us in jabber or tox. Tox ID LockBitSupp: 3085B89A0C515D2FB124D645906F5D3DA5CB97CEBEA975959AE4F95302A04E1D709C3C4AE9B7 XMPP (Jabber) Support: [email protected] [email protected] >>>> Your personal DECRYPTION ID: E738DE3210BF9F45DCAFBFC7CA5E0D67 >>>> Warning! Do not DELETE or MODIFY any files, it can lead to recovery problems! >>>> Warning! If you do not pay the ransom we will attack your company repeatedly again! >>>> Advertisement Would you like to earn millions of dollars $$$ ? Our company acquire access to networks of various companies, as well as insider information that can help you steal the most valuable data of any company. You can provide us accounting data for the access to any company, for example, login and password to RDP, VPN, corporate email, etc. Open our letter at your email. Launch the provided virus on any computer in your company. You can do it both using your work computer or the computer of any other employee in order to divert suspicion of being in collusion with us. Companies pay us the foreclosure for the decryption of files and prevention of data leak. You can contact us using Tox messenger without registration and SMS https://tox.chat/download.html. Using Tox messenger, we will never know your real name, it means your privacy is guaranteed. If you want to contact us, write in jabber or tox. Tox ID LockBitSupp: 3085B89A0C515D2FB124D645906F5D3DA5CB97CEBEA975959AE4F95302A04E1D709C3C4AE9B7 XMPP (Jabber) Support: [email protected] [email protected] If this contact is expired, and we do not respond you, look for the relevant contact data on our website via Tor or Brave browser Links for Tor Browser: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion Links for the normal browser http://lockbitapt.uz http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly
URLs

http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion

http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion

http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion

http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion

http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion

http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion

http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion

http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion

http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion

http://lockbitapt.uz

http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly

http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly

http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly

http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly

http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly

http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly

http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly

http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly

http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly

https://twitter.com/hashtag/lockbit?f=live

Extracted

Path

C:\fx11LFLLD.README.txt

Family

lockbit

Ransom Note
~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~ >>>> Your data are stolen and encrypted The data will be published on TOR website if you do not pay the ransom Links for Tor Browser: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion Links for the normal browser http://lockbitapt.uz http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly >>>> What guarantees that we will not deceive you? We are not a politically motivated group and we do not need anything other than your money. If you pay, we will provide you the programs for decryption and we will delete your data. Life is too short to be sad. Be not sad, money, it is only paper. If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. Therefore to us our reputation is very important. We attack the companies worldwide and there is no dissatisfied victim after payment. You can obtain information about us on twitter https://twitter.com/hashtag/lockbit?f=live >>>> You need contact us and decrypt one file for free on these TOR sites with your personal DECRYPTION ID Download and install TOR Browser https://www.torproject.org/ Write to a chat and wait for the answer, we will always answer you. Sometimes you will need to wait for our answer because we attack many companies. Links for Tor Browser: http://lockbitsupt7nr3fa6e7xyb73lk6bw6rcneqhoyblniiabj4uwvzapqd.onion http://lockbitsupuhswh4izvoucoxsbnotkmgq6durg7kficg6u33zfvq3oyd.onion http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion Link for the normal browser http://lockbitsupp.uz If you do not get an answer in the chat room for a long time, the site does not work and in any other emergency, you can contact us in jabber or tox. Tox ID LockBitSupp: 3085B89A0C515D2FB124D645906F5D3DA5CB97CEBEA975959AE4F95302A04E1D709C3C4AE9B7 XMPP (Jabber) Support: [email protected] [email protected] >>>> Your personal DECRYPTION ID: E79DF2F18F087E6E1BE4900A329F569C >>>> Warning! Do not DELETE or MODIFY any files, it can lead to recovery problems! >>>> Warning! If you do not pay the ransom we will attack your company repeatedly again! >>>> Advertisement Would you like to earn millions of dollars $$$ ? Our company acquire access to networks of various companies, as well as insider information that can help you steal the most valuable data of any company. You can provide us accounting data for the access to any company, for example, login and password to RDP, VPN, corporate email, etc. Open our letter at your email. Launch the provided virus on any computer in your company. You can do it both using your work computer or the computer of any other employee in order to divert suspicion of being in collusion with us. Companies pay us the foreclosure for the decryption of files and prevention of data leak. You can contact us using Tox messenger without registration and SMS https://tox.chat/download.html. Using Tox messenger, we will never know your real name, it means your privacy is guaranteed. If you want to contact us, write in jabber or tox. Tox ID LockBitSupp: 3085B89A0C515D2FB124D645906F5D3DA5CB97CEBEA975959AE4F95302A04E1D709C3C4AE9B7 XMPP (Jabber) Support: [email protected] [email protected] If this contact is expired, and we do not respond you, look for the relevant contact data on our website via Tor or Brave browser Links for Tor Browser: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion Links for the normal browser http://lockbitapt.uz http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly
URLs

http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion

http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion

http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion

http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion

http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion

http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion

http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion

http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion

http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion

http://lockbitapt.uz

http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly

http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly

http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly

http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly

http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly

http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly

http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly

http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly

http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly

https://twitter.com/hashtag/lockbit?f=live

Signatures

  • Lockbit

    Ransomware family with multiple variants released since late 2019.

    ransomwarelockbit
  • Rule to detect Lockbit 3.0 ransomware Windows payload 6 IoCs
  • Renames multiple (649) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Executes dropped EXE 32 IoCs
  • Loads dropped DLL 3 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops desktop.ini file(s) 3 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Indicator Removal: File Deletion 1 TTPs

    Adversaries may delete files left behind by the actions of their intrusion activity.

    defense_evasion
  • Drops file in System32 directory 16 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 6 IoCs
    ransomware
  • Suspicious use of NtSetInformationThreadHideFromDebugger 8 IoCs
  • Drops file in Program Files directory 10 IoCs
  • Drops file in Windows directory 25 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 40 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 12 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 15 IoCs
  • Modifies Control Panel 6 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 48 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 36 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 37 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/petikvx/LockBit-Black-Builder
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4644
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe318f46f8,0x7ffe318f4708,0x7ffe318f4718
      2⤵
        PID:3356
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,5968762710765954076,4077387978700980705,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
        2⤵
          PID:2092
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,5968762710765954076,4077387978700980705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4844
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,5968762710765954076,4077387978700980705,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
          2⤵
            PID:4232
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5968762710765954076,4077387978700980705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
            2⤵
              PID:2636
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5968762710765954076,4077387978700980705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
              2⤵
                PID:3612
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,5968762710765954076,4077387978700980705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3960 /prefetch:8
                2⤵
                  PID:3908
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,5968762710765954076,4077387978700980705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3960 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:3872
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,5968762710765954076,4077387978700980705,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5376 /prefetch:8
                  2⤵
                    PID:4944
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5968762710765954076,4077387978700980705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
                    2⤵
                      PID:2608
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,5968762710765954076,4077387978700980705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:4432
                  • C:\Windows\System32\CompPkgSrv.exe
                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                    1⤵
                      PID:1044
                    • C:\Windows\System32\CompPkgSrv.exe
                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                      1⤵
                        PID:4496
                      • C:\Windows\System32\rundll32.exe
                        C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                        1⤵
                          PID:2844
                        • C:\Windows\system32\cmd.exe
                          C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build.bat" "
                          1⤵
                            PID:3488
                            • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\keygen.exe
                              keygen -path C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build -pubkey pub.key -privkey priv.key
                              2⤵
                              • System Location Discovery: System Language Discovery
                              PID:4748
                            • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\builder.exe
                              builder -type dec -privkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\priv.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3Decryptor.exe
                              2⤵
                              • System Location Discovery: System Language Discovery
                              PID:536
                            • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\builder.exe
                              builder -type enc -exe -pubkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe
                              2⤵
                              • System Location Discovery: System Language Discovery
                              PID:1464
                            • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\builder.exe
                              builder -type enc -exe -pass -pubkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3_pass.exe
                              2⤵
                              • System Location Discovery: System Language Discovery
                              PID:4792
                            • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\builder.exe
                              builder -type enc -dll -pubkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3_Rundll32.dll
                              2⤵
                              • System Location Discovery: System Language Discovery
                              PID:4856
                            • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\builder.exe
                              builder -type enc -dll -pass -pubkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3_Rundll32_pass.dll
                              2⤵
                              • System Location Discovery: System Language Discovery
                              PID:1608
                            • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\builder.exe
                              builder -type enc -ref -pubkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3_ReflectiveDll_DllMain.dll
                              2⤵
                              • System Location Discovery: System Language Discovery
                              PID:1116
                          • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\builder.exe
                            "C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\builder.exe"
                            1⤵
                            • System Location Discovery: System Language Discovery
                            PID:2664
                          • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\builder.exe
                            "C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\builder.exe"
                            1⤵
                              PID:2264
                            • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\builder.exe
                              "C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\builder.exe"
                              1⤵
                                PID:2888
                              • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\builder.exe
                                "C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\builder.exe"
                                1⤵
                                  PID:3504
                                • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\keygen.exe
                                  "C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\keygen.exe"
                                  1⤵
                                  • System Location Discovery: System Language Discovery
                                  PID:2444
                                • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\keygen.exe
                                  "C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\keygen.exe"
                                  1⤵
                                    PID:4232
                                  • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\keygen.exe
                                    "C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\keygen.exe"
                                    1⤵
                                    • System Location Discovery: System Language Discovery
                                    PID:3892
                                  • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\builder.exe
                                    "C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\builder.exe"
                                    1⤵
                                    • System Location Discovery: System Language Discovery
                                    PID:3108
                                  • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\builder.exe
                                    "C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\builder.exe"
                                    1⤵
                                      PID:736
                                    • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\builder.exe
                                      "C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\builder.exe"
                                      1⤵
                                        PID:2260
                                      • C:\Windows\system32\cmd.exe
                                        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build.bat" "
                                        1⤵
                                          PID:4416
                                          • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\keygen.exe
                                            keygen -path C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build -pubkey pub.key -privkey priv.key
                                            2⤵
                                              PID:2200
                                            • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\builder.exe
                                              builder -type dec -privkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\priv.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\LB3Decryptor.exe
                                              2⤵
                                              • System Location Discovery: System Language Discovery
                                              PID:1608
                                            • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\builder.exe
                                              builder -type enc -exe -pubkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\LB3.exe
                                              2⤵
                                              • System Location Discovery: System Language Discovery
                                              PID:3576
                                            • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\builder.exe
                                              builder -type enc -exe -pass -pubkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\LB3_pass.exe
                                              2⤵
                                              • System Location Discovery: System Language Discovery
                                              PID:5068
                                            • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\builder.exe
                                              builder -type enc -dll -pubkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\LB3_Rundll32.dll
                                              2⤵
                                              • System Location Discovery: System Language Discovery
                                              PID:2264
                                            • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\builder.exe
                                              builder -type enc -dll -pass -pubkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\LB3_Rundll32_pass.dll
                                              2⤵
                                              • System Location Discovery: System Language Discovery
                                              PID:732
                                            • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\builder.exe
                                              builder -type enc -ref -pubkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\LB3_ReflectiveDll_DllMain.dll
                                              2⤵
                                              • System Location Discovery: System Language Discovery
                                              PID:4992
                                          • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\LB3.exe
                                            "C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\LB3.exe"
                                            1⤵
                                            • Executes dropped EXE
                                            • Drops desktop.ini file(s)
                                            • Sets desktop wallpaper using registry
                                            • Suspicious use of NtSetInformationThreadHideFromDebugger
                                            • System Location Discovery: System Language Discovery
                                            • Modifies Control Panel
                                            • Modifies registry class
                                            • Suspicious behavior: EnumeratesProcesses
                                            • Suspicious use of AdjustPrivilegeToken
                                            PID:3124
                                            • C:\Windows\splwow64.exe
                                              C:\Windows\splwow64.exe 12288
                                              2⤵
                                              • Drops file in System32 directory
                                              PID:6440
                                            • C:\ProgramData\A777.tmp
                                              "C:\ProgramData\A777.tmp"
                                              2⤵
                                              • Checks computer location settings
                                              • Executes dropped EXE
                                              • Suspicious use of NtSetInformationThreadHideFromDebugger
                                              • System Location Discovery: System Language Discovery
                                              PID:6544
                                              • C:\Windows\SysWOW64\cmd.exe
                                                "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\A777.tmp >> NUL
                                                3⤵
                                                • System Location Discovery: System Language Discovery
                                                PID:4856
                                          • C:\Windows\system32\svchost.exe
                                            C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
                                            1⤵
                                              PID:7720
                                            • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\LB3Decryptor.exe
                                              "C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\LB3Decryptor.exe"
                                              1⤵
                                              • Executes dropped EXE
                                              • Sets desktop wallpaper using registry
                                              • Suspicious use of NtSetInformationThreadHideFromDebugger
                                              • System Location Discovery: System Language Discovery
                                              • Modifies Control Panel
                                              • Modifies registry class
                                              • Suspicious use of SetWindowsHookEx
                                              PID:952
                                            • C:\Windows\system32\printfilterpipelinesvc.exe
                                              C:\Windows\system32\printfilterpipelinesvc.exe -Embedding
                                              1⤵
                                              • Drops file in System32 directory
                                              PID:6268
                                              • C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
                                                /insertdoc "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\{2DD1B213-2E51-4500-9A46-6E8CE1A1078B}.xps" 133684036767050000
                                                2⤵
                                                • Checks processor information in registry
                                                • Enumerates system info in registry
                                                • Suspicious behavior: AddClipboardFormatListener
                                                • Suspicious use of SetWindowsHookEx
                                                PID:6376
                                            • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\LB3_pass.exe
                                              "C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\LB3_pass.exe"
                                              1⤵
                                              • Executes dropped EXE
                                              • System Location Discovery: System Language Discovery
                                              PID:8380
                                              • C:\Windows\SysWOW64\WerFault.exe
                                                C:\Windows\SysWOW64\WerFault.exe -u -p 8380 -s 264
                                                2⤵
                                                • Program crash
                                                PID:8572
                                            • C:\Windows\SysWOW64\WerFault.exe
                                              C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 8380 -ip 8380
                                              1⤵
                                                PID:8540
                                              • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\LB3_pass.exe
                                                "C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\LB3_pass.exe"
                                                1⤵
                                                • Executes dropped EXE
                                                PID:8632
                                                • C:\Windows\SysWOW64\WerFault.exe
                                                  C:\Windows\SysWOW64\WerFault.exe -u -p 8632 -s 244
                                                  2⤵
                                                  • Program crash
                                                  PID:8824
                                              • C:\Windows\SysWOW64\WerFault.exe
                                                C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 8632 -ip 8632
                                                1⤵
                                                  PID:8792
                                                • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\LB3Decryptor.exe
                                                  "C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\LB3Decryptor.exe"
                                                  1⤵
                                                  • Executes dropped EXE
                                                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                  • System Location Discovery: System Language Discovery
                                                  • Suspicious use of SetWindowsHookEx
                                                  PID:9048
                                                • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\builder.exe
                                                  "C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\builder.exe"
                                                  1⤵
                                                  • Executes dropped EXE
                                                  PID:5872
                                                • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\keygen.exe
                                                  "C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\keygen.exe"
                                                  1⤵
                                                  • Executes dropped EXE
                                                  PID:6400
                                                • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\LB3_pass.exe
                                                  "C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\LB3_pass.exe"
                                                  1⤵
                                                  • Executes dropped EXE
                                                  PID:6404
                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                    C:\Windows\SysWOW64\WerFault.exe -u -p 6404 -s 232
                                                    2⤵
                                                    • Program crash
                                                    PID:1940
                                                • C:\Windows\SysWOW64\WerFault.exe
                                                  C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 6404 -ip 6404
                                                  1⤵
                                                    PID:5468
                                                  • C:\Windows\system32\cmd.exe
                                                    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build.bat" "
                                                    1⤵
                                                      PID:6432
                                                      • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\keygen.exe
                                                        keygen -path C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build -pubkey pub.key -privkey priv.key
                                                        2⤵
                                                        • Executes dropped EXE
                                                        PID:3692
                                                      • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\builder.exe
                                                        builder -type dec -privkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\priv.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3Decryptor.exe
                                                        2⤵
                                                        • Executes dropped EXE
                                                        • System Location Discovery: System Language Discovery
                                                        PID:2580
                                                      • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\builder.exe
                                                        builder -type enc -exe -pubkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe
                                                        2⤵
                                                        • Executes dropped EXE
                                                        • System Location Discovery: System Language Discovery
                                                        PID:2728
                                                      • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\builder.exe
                                                        builder -type enc -exe -pass -pubkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3_pass.exe
                                                        2⤵
                                                        • Executes dropped EXE
                                                        • System Location Discovery: System Language Discovery
                                                        PID:3096
                                                      • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\builder.exe
                                                        builder -type enc -dll -pubkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3_Rundll32.dll
                                                        2⤵
                                                        • Executes dropped EXE
                                                        • System Location Discovery: System Language Discovery
                                                        PID:4940
                                                      • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\builder.exe
                                                        builder -type enc -dll -pass -pubkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3_Rundll32_pass.dll
                                                        2⤵
                                                        • Executes dropped EXE
                                                        • System Location Discovery: System Language Discovery
                                                        PID:1040
                                                      • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\builder.exe
                                                        builder -type enc -ref -pubkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3_ReflectiveDll_DllMain.dll
                                                        2⤵
                                                        • Executes dropped EXE
                                                        • System Location Discovery: System Language Discovery
                                                        PID:3428
                                                    • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\builder.exe
                                                      "C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\builder.exe"
                                                      1⤵
                                                      • Executes dropped EXE
                                                      PID:8940
                                                    • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3_pass.exe
                                                      "C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3_pass.exe"
                                                      1⤵
                                                      • Executes dropped EXE
                                                      • System Location Discovery: System Language Discovery
                                                      PID:1324
                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                        C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 264
                                                        2⤵
                                                        • Program crash
                                                        PID:3856
                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                      C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 1324 -ip 1324
                                                      1⤵
                                                        PID:4508
                                                      • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe
                                                        "C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe"
                                                        1⤵
                                                        • Executes dropped EXE
                                                        • Drops desktop.ini file(s)
                                                        • Sets desktop wallpaper using registry
                                                        • System Location Discovery: System Language Discovery
                                                        • Modifies Control Panel
                                                        • Modifies registry class
                                                        PID:3108
                                                        • C:\ProgramData\10FA.tmp
                                                          "C:\ProgramData\10FA.tmp"
                                                          2⤵
                                                          • Checks computer location settings
                                                          • Executes dropped EXE
                                                          • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                          • System Location Discovery: System Language Discovery
                                                          PID:6848
                                                          • C:\Windows\SysWOW64\cmd.exe
                                                            "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\10FA.tmp >> NUL
                                                            3⤵
                                                            • System Location Discovery: System Language Discovery
                                                            PID:3004
                                                      • C:\Windows\system32\OpenWith.exe
                                                        C:\Windows\system32\OpenWith.exe -Embedding
                                                        1⤵
                                                        • Modifies registry class
                                                        • Suspicious use of SetWindowsHookEx
                                                        PID:4772
                                                      • C:\Windows\system32\printfilterpipelinesvc.exe
                                                        C:\Windows\system32\printfilterpipelinesvc.exe -Embedding
                                                        1⤵
                                                        • Drops file in System32 directory
                                                        PID:6052
                                                        • C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
                                                          /insertdoc "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\{6FC28EEC-7A15-4AC2-8DB7-E6F6CDC7AA20}.xps" 133684037676850000
                                                          2⤵
                                                          • Checks processor information in registry
                                                          • Enumerates system info in registry
                                                          • Suspicious behavior: AddClipboardFormatListener
                                                          • Suspicious use of FindShellTrayWindow
                                                          • Suspicious use of SetWindowsHookEx
                                                          PID:6968
                                                      • C:\Windows\system32\OpenWith.exe
                                                        C:\Windows\system32\OpenWith.exe -Embedding
                                                        1⤵
                                                        • Modifies registry class
                                                        • Suspicious use of SetWindowsHookEx
                                                        PID:7104
                                                      • C:\Program Files\Microsoft Office\root\integration\integrator.exe
                                                        integrator.exe /R /Msi MsiName="SPPRedist.msi,SPPRedist64.msi" PackageGUID="9AC08E99-230B-47e8-9721-4577B7F124EA" PackageRoot="C:\Program Files\Microsoft Office\root"
                                                        1⤵
                                                        • Drops file in System32 directory
                                                        • Checks processor information in registry
                                                        • Enumerates system info in registry
                                                        • Modifies data under HKEY_USERS
                                                        • Suspicious use of SetWindowsHookEx
                                                        PID:6148
                                                      • C:\Windows\system32\msiexec.exe
                                                        C:\Windows\system32\msiexec.exe /V
                                                        1⤵
                                                        • Enumerates connected drives
                                                        • Drops file in Program Files directory
                                                        • Drops file in Windows directory
                                                        • Modifies Internet Explorer settings
                                                        • Modifies data under HKEY_USERS
                                                        • Modifies registry class
                                                        PID:7844
                                                        • \??\c:\Windows\System32\MsiExec.exe
                                                          c:\Windows\System32\MsiExec.exe -Embedding C907D359A8E63BE49498EA15EB8CE993 E Global\MSI0000
                                                          2⤵
                                                          • Loads dropped DLL
                                                          PID:7544
                                                      • C:\Program Files\Microsoft Office\root\integration\integrator.exe
                                                        integrator.exe /R /License PRIDName=ProPlusRetail.16 PackageGUID="9AC08E99-230B-47e8-9721-4577B7F124EA" PackageRoot="C:\Program Files\Microsoft Office\root"
                                                        1⤵
                                                        • Drops file in System32 directory
                                                        • Checks processor information in registry
                                                        • Enumerates system info in registry
                                                        • Modifies data under HKEY_USERS
                                                        • Suspicious use of SetWindowsHookEx
                                                        PID:8156
                                                      • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3Decryptor.exe
                                                        "C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3Decryptor.exe"
                                                        1⤵
                                                        • Executes dropped EXE
                                                        • Sets desktop wallpaper using registry
                                                        • System Location Discovery: System Language Discovery
                                                        • Modifies Control Panel
                                                        • Modifies registry class
                                                        • Suspicious use of SetWindowsHookEx
                                                        PID:4596
                                                      • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\builder.exe
                                                        "C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\builder.exe"
                                                        1⤵
                                                        • Executes dropped EXE
                                                        PID:7368
                                                      • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\builder.exe
                                                        "C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\builder.exe"
                                                        1⤵
                                                        • Executes dropped EXE
                                                        PID:8264
                                                      • C:\Windows\system32\cmd.exe
                                                        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build.bat" "
                                                        1⤵
                                                          PID:9172
                                                          • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\keygen.exe
                                                            keygen -path C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build -pubkey pub.key -privkey priv.key
                                                            2⤵
                                                            • Executes dropped EXE
                                                            PID:9084
                                                          • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\builder.exe
                                                            builder -type dec -privkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\priv.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\LB3Decryptor.exe
                                                            2⤵
                                                            • Executes dropped EXE
                                                            • System Location Discovery: System Language Discovery
                                                            PID:9192
                                                          • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\builder.exe
                                                            builder -type enc -exe -pubkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\LB3.exe
                                                            2⤵
                                                            • Executes dropped EXE
                                                            • System Location Discovery: System Language Discovery
                                                            PID:8844
                                                          • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\builder.exe
                                                            builder -type enc -exe -pass -pubkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\LB3_pass.exe
                                                            2⤵
                                                            • Executes dropped EXE
                                                            • System Location Discovery: System Language Discovery
                                                            PID:6032
                                                          • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\builder.exe
                                                            builder -type enc -dll -pubkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\LB3_Rundll32.dll
                                                            2⤵
                                                            • Executes dropped EXE
                                                            • System Location Discovery: System Language Discovery
                                                            PID:8568
                                                          • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\builder.exe
                                                            builder -type enc -dll -pass -pubkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\LB3_Rundll32_pass.dll
                                                            2⤵
                                                            • Executes dropped EXE
                                                            • System Location Discovery: System Language Discovery
                                                            PID:6336
                                                          • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\builder.exe
                                                            builder -type enc -ref -pubkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\LB3_ReflectiveDll_DllMain.dll
                                                            2⤵
                                                            • Executes dropped EXE
                                                            • System Location Discovery: System Language Discovery
                                                            PID:8856
                                                        • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\builder.exe
                                                          "C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\builder.exe"
                                                          1⤵
                                                          • Executes dropped EXE
                                                          PID:8608
                                                        • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\builder.exe
                                                          "C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\builder.exe"
                                                          1⤵
                                                          • Executes dropped EXE
                                                          PID:5500

                                                        Network

                                                        MITRE ATT&CK Enterprise v15

                                                        Replay Monitor

                                                        Loading Replay Monitor...

                                                        Downloads

                                                        • C:\$Recycle.Bin\S-1-5-21-2412658365-3084825385-3340777666-1000\DDDDDDDDDDD
                                                          Filesize

                                                          129B

                                                          MD5

                                                          2435f8e95da503b231fc66f5896edb72

                                                          SHA1

                                                          7371fea08b9891fc1ca095cc65c67a8bdc40605d

                                                          SHA256

                                                          19f0b71044bde9144fa34b27446242ba67a46cb53544faf754c06b74e0c2e60d

                                                          SHA512

                                                          3fcbe9201b943ca850e03558406e0d297521ace6ed67d1a82e76cae0d6cf0b94049c90f287a6ea85af6ad26f81fefdfe1645a5af7983531d5edc71ed395ac8a3

                                                          Download Submit

                                                        • C:\$Recycle.Bin\S-1-5-21-2412658365-3084825385-3340777666-1000\YYYYYYYYYYY
                                                          Filesize

                                                          129B

                                                          MD5

                                                          0c687b4ed7d0fc583ab1ae1a6854e53f

                                                          SHA1

                                                          9ab383d810a164aa2213f73015b526f57fe16313

                                                          SHA256

                                                          70e6faf4ff31c172c8c7739b0489cf971bdf5f3bf6809373a545eea777a67c4c

                                                          SHA512

                                                          0895183dc9a0de6d5b2e66d0158bf76b3743c32140db66e395201e6ce50fef0f34c355e3b09478cfefe90fdcd36d3badd7aa80f98d23942b9b07619dfa27e630

                                                          Download Submit

                                                        • C:\Config.Msi\e5a7158.rbf
                                                          Filesize

                                                          3B

                                                          MD5

                                                          21438ef4b9ad4fc266b6129a2f60de29

                                                          SHA1

                                                          5eb8e2242eeb4f5432beeec8b873f1ab0a6b71fd

                                                          SHA256

                                                          13bf7b3039c63bf5a50491fa3cfd8eb4e699d1ba1436315aef9cbe5711530354

                                                          SHA512

                                                          37436ced85e5cd638973e716d6713257d692f9dd2e1975d5511ae3856a7b3b9f0d9e497315a058b516ab31d652ea9950938c77c1ad435ea8d4b49d73427d1237

                                                          Download Submit

                                                        • C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms
                                                          Filesize

                                                          904KB

                                                          MD5

                                                          0bf7335cbb575b762c212c30f8932387

                                                          SHA1

                                                          40de2c33db72f1a632e4353a023a83a299e61250

                                                          SHA256

                                                          b203912ee7f7e2df69d79d5ce29db4a3df0a185598986259ac849a39a56f715d

                                                          SHA512

                                                          9d5d8f66d9cf6f211706584b2ee1d6e73c270f2438503ac9b3c54d6ace581a910bb2d2598d24c97f8385edb6d7db4c8e85dfe39aa40cc2f4e8d396d1f3889261

                                                          Download Submit

                                                        • C:\ProgramData\A777.tmp
                                                          Filesize

                                                          14KB

                                                          MD5

                                                          294e9f64cb1642dd89229fff0592856b

                                                          SHA1

                                                          97b148c27f3da29ba7b18d6aee8a0db9102f47c9

                                                          SHA256

                                                          917e115cc403e29b4388e0d175cbfac3e7e40ca1742299fbdb353847db2de7c2

                                                          SHA512

                                                          b87d531890bf1577b9b4af41dddb2cdbbfa164cf197bd5987df3a3075983645a3acba443e289b7bfd338422978a104f55298fbfe346872de0895bde44adc89cf

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0
                                                          Filesize

                                                          8KB

                                                          MD5

                                                          cf89d16bb9107c631daabf0c0ee58efb

                                                          SHA1

                                                          3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

                                                          SHA256

                                                          d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

                                                          SHA512

                                                          8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1
                                                          Filesize

                                                          264KB

                                                          MD5

                                                          e8e0483c1fb791eb9451839273cee4ac

                                                          SHA1

                                                          05ee3c57d07a548b95fd3005c2e7ff5fcbe9067a

                                                          SHA256

                                                          fcdded4b86c9dbfe1cf537d6aa7d185e994d1b2d92a3132262c15d8da662eab2

                                                          SHA512

                                                          95e378a48fa52e787ad9a58c4261ce81f5320c64e109585601315c207fa3c390b7fffc6d394173daba74622c21f685f3af8cf8e2f46fe5edbda8dd9d3934e5cc

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2
                                                          Filesize

                                                          8KB

                                                          MD5

                                                          0962291d6d367570bee5454721c17e11

                                                          SHA1

                                                          59d10a893ef321a706a9255176761366115bedcb

                                                          SHA256

                                                          ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

                                                          SHA512

                                                          f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3
                                                          Filesize

                                                          8KB

                                                          MD5

                                                          41876349cb12d6db992f1309f22df3f0

                                                          SHA1

                                                          5cf26b3420fc0302cd0a71e8d029739b8765be27

                                                          SHA256

                                                          e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

                                                          SHA512

                                                          e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Comms\UnistoreDB\USSres00002.jrs
                                                          Filesize

                                                          3.0MB

                                                          MD5

                                                          d1dd210d6b1312cb342b56d02bd5e651

                                                          SHA1

                                                          1e5f8def40bb0cb0f7156b9c2bab9efb49cfb699

                                                          SHA256

                                                          bbd05cf6097ac9b1f89ea29d2542c1b7b67ee46848393895f5a9e43fa1f621e5

                                                          SHA512

                                                          37a33d86aa47380aa21b17b41dfc8d04f464de7e71820900397436d0916e91b353f184cefe0ad16ae7902f0128aae786d78f14b58beee0c46d583cf1bfd557b8

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                          Filesize

                                                          152B

                                                          MD5

                                                          ff63763eedb406987ced076e36ec9acf

                                                          SHA1

                                                          16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

                                                          SHA256

                                                          8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

                                                          SHA512

                                                          ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                          Filesize

                                                          152B

                                                          MD5

                                                          2783c40400a8912a79cfd383da731086

                                                          SHA1

                                                          001a131fe399c30973089e18358818090ca81789

                                                          SHA256

                                                          331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

                                                          SHA512

                                                          b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                          Filesize

                                                          2KB

                                                          MD5

                                                          894f81347c97b37a0af20795740d2cc7

                                                          SHA1

                                                          b78d3c2740759efc7d00506c7afc3732b744259e

                                                          SHA256

                                                          7c8eb097529fc525c4cd61851363067904cd96a33b4a4c6d1718d3a64b4616b4

                                                          SHA512

                                                          cd2ccd48249f5df83c626e8c1a0e9651495bfc619c5b3ad23547235ae8e7c152695a83be19d45d34377566ebb668c948509dc618958150aaeca55e9bc6cf7009

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                          Filesize

                                                          573B

                                                          MD5

                                                          0028a1a5c441a3cd5a60c34da771564f

                                                          SHA1

                                                          e15d27a8322b435564ebcd36467b997d0fa8ef32

                                                          SHA256

                                                          8dc36283781a25af9e2ae76d255ae311b2715396f710ff0e9850b0e64525759d

                                                          SHA512

                                                          e26efd2be3114e733acdc00fb54150790872b10c88a7c4d3a19a16383bf58897ad89f14b3255a984f836666b98bafc099d8988532d03acda0dee7a7a7da3f40e

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                          Filesize

                                                          5KB

                                                          MD5

                                                          c4968a7a2f78a0c8a5b43bda7811497c

                                                          SHA1

                                                          4cbdd9154feb28c461666c2eadbbcc81709c928d

                                                          SHA256

                                                          f7dd4925afb690252d514884d416c6f12d426d16266b6de0bbf6566e6ca7fb53

                                                          SHA512

                                                          f9695d260976c19a65fb0b54c0263b6d886f4176eb5acb702b1ce9c88baf2e54e9bf77649dc50bfe33d1fd8ce4c2eaa1948417150c158075fa3e7cb190259fe1

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                          Filesize

                                                          6KB

                                                          MD5

                                                          0258aec088eef39c3cca751b9dbea913

                                                          SHA1

                                                          341d3fefc98782d1d64a750efc1a2e312e7bcb4d

                                                          SHA256

                                                          773bf3f68fbcf80a099e4b5d53b019049e58a542df38509679da68b8dcc1187d

                                                          SHA512

                                                          a33d32cefd7f3d4b80fcd5fe71803695c358cc37f5503e93f91fe6369282639c9e91f23cc250a08c31689a91d1ec6f76c51f7a1f1c92a7797e51b51d360bfd2d

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                          Filesize

                                                          6KB

                                                          MD5

                                                          1446d6a355c64d0b9bfd74497af2ac2f

                                                          SHA1

                                                          ef76f0d19b58013878faea9d9b68cb9c9dd2cb40

                                                          SHA256

                                                          5fdd791cc8b2177effbd28f849b4a662bfe27c62f3f8a251fe74333ab8113047

                                                          SHA512

                                                          c940746f19ea6086ea72898e44f23316f4f9c268c32eb1d5c3f7899df39f1580cf10a4c6756771a18c604043019c8cdf9a2fa6dbb8003e3ab69e5fb4a433dceb

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                          Filesize

                                                          16B

                                                          MD5

                                                          6752a1d65b201c13b62ea44016eb221f

                                                          SHA1

                                                          58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                          SHA256

                                                          0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                          SHA512

                                                          9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                          Filesize

                                                          11KB

                                                          MD5

                                                          18c85be030d1db1c7b1a6e9775ab0a2d

                                                          SHA1

                                                          3f72db734b568b5acf85810a912ced4e1bf078e3

                                                          SHA256

                                                          4ae9b3e15651b31571b8ed2488405f6abfb67e4ce749437cc0b0dec0b7ba2f20

                                                          SHA512

                                                          9b936f5699105ba0fb06b73b619836580462a87e8e4a45fbe4a8794091625ab7a9fbaa8cd743d813cdd401de1f9711d3c6716c9b178bb793a4b4e193c45abf2b

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                          Filesize

                                                          11KB

                                                          MD5

                                                          a460e803298885991b202733951e4402

                                                          SHA1

                                                          e1444ba02f4dbe65a5da15333e64ab8470d82024

                                                          SHA256

                                                          97486e487ed1dcc2ae5810bfd54b0d6b7ef7c6c2b72bc5efd48ccf46969cb4d7

                                                          SHA512

                                                          0142c52b1a36603810ec00854b10f969553c457994cf56912b382ce9ee8a9bd4c2dfdd244e723014cf3fadda604075e4202de3262f0323595076abfce26fc98f

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\000000BK.bin
                                                          Filesize

                                                          13.1MB

                                                          MD5

                                                          afc407af607e8b792e755e53fc240186

                                                          SHA1

                                                          1ded100d847e066fc7228e044c52b89417c2dc0c

                                                          SHA256

                                                          b91ac2ad5b73307a076487ed62b550a44699dd4ecf18f8c1506c333e7aa2fafe

                                                          SHA512

                                                          4a7822dabd144bc41a5897cd799c1777ed259904f771da3d415150eb29e1dafd297cb38d17b964891a34ca6feb6ffa9c12bfcb70d07e0cd32d90c055bbeb91e2

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres
                                                          Filesize

                                                          4KB

                                                          MD5

                                                          24baad0da9d10a4d573e2a23e4f179a4

                                                          SHA1

                                                          f80a52b5ac48b7fb4c8b120c42be9d1e78536b60

                                                          SHA256

                                                          2f087398ab79374826c5cc96cb4b9c440a80eda75d28c36ba7641f4bbce55bdf

                                                          SHA512

                                                          fac27c2561dd070b10a731525a343b4b081754ea6287a187d586c6101ae6e4f5f6ed2b27db2f4c61b6a41e6269e55e1ffa920ef9e1835bdb573bab876bbf3994

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{51325390-AE6A-68FC-A315-0950CC83A166}
                                                          Filesize

                                                          36KB

                                                          MD5

                                                          8ab0ccfe101f2a223bf9fc11f910ec64

                                                          SHA1

                                                          86a7cf51b399bb786896fb77f59ee8b4844f5afe

                                                          SHA256

                                                          8cc15be591c4f70f964d3554be30283f925747d09eb71692bf40b8125e2bb68a

                                                          SHA512

                                                          b862068ea8bdb828186c2bc693b1e99d622a48a82eea13886090c44e17d132ad1a96bae4a96214d9a8abeb22f7c85f4ef25a000cc1bf977fd43e67bf1064a61e

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{A5E73466-E220-8EF4-B956-A582187356D9}
                                                          Filesize

                                                          36KB

                                                          MD5

                                                          8aaad0f4eb7d3c65f81c6e6b496ba889

                                                          SHA1

                                                          231237a501b9433c292991e4ec200b25c1589050

                                                          SHA256

                                                          813c66ce7dec4cff9c55fb6f809eab909421e37f69ff30e4acaa502365a32bd1

                                                          SHA512

                                                          1a83ce732dc47853bf6e8f4249054f41b0dea8505cda73433b37dfa16114f27bfed3b4b3ba580aa9d53c3dcc8d48bf571a45f7c0468e6a0f2a227a7e59e17d62

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_comexp_msc
                                                          Filesize

                                                          36KB

                                                          MD5

                                                          eab75a01498a0489b0c35e8b7d0036e5

                                                          SHA1

                                                          fd80fe2630e0443d1a1cef2bdb21257f3a162f86

                                                          SHA256

                                                          fdf01d2265452465fcbed01f1fdd994d8cbb41a40bbb1988166604c5450ead47

                                                          SHA512

                                                          2ec6c4f34dcf00b6588b536f15e3fe4d98a0b663c8d2a2df06aa7cface88e072e2c2b1b9aaf4dc5a17b29023a85297f1a007ff60b5d6d0c65d1546bf0e12dd45

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_VideoLAN_VLC_NEWS_txt
                                                          Filesize

                                                          36KB

                                                          MD5

                                                          968e7d1aa993ef1052b35a95c51946d5

                                                          SHA1

                                                          c67817521eb4f70d692d3d29b32676b1871e3d40

                                                          SHA256

                                                          719fb4e7016e1c4fff64166a8809a6ffe5d16ba0a40e4e8593ba7f664337e239

                                                          SHA512

                                                          3382a01b518c38859c1ffc8799aacb941fd7bedd2cecaab4fc8e7fe8e44aeb6acf3997b844b9b5d8ddf4e72331e33972606cab1e9d8b527bf80ef7a9a0136022

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{128eda10-2825-40ca-b588-2bcbe4226a7b}\0.1.filtertrie.intermediate.txt
                                                          Filesize

                                                          5B

                                                          MD5

                                                          34bd1dfb9f72cf4f86e6df6da0a9e49a

                                                          SHA1

                                                          5f96d66f33c81c0b10df2128d3860e3cb7e89563

                                                          SHA256

                                                          8e1e6a3d56796a245d0c7b0849548932fee803bbdb03f6e289495830e017f14c

                                                          SHA512

                                                          e3787de7c4bc70ca62234d9a4cdc6bd665bffa66debe3851ee3e8e49e7498b9f1cbc01294bf5e9f75de13fb78d05879e82fa4b89ee45623fe5bf7ac7e48eda96

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{128eda10-2825-40ca-b588-2bcbe4226a7b}\0.2.filtertrie.intermediate.txt
                                                          Filesize

                                                          5B

                                                          MD5

                                                          c204e9faaf8565ad333828beff2d786e

                                                          SHA1

                                                          7d23864f5e2a12c1a5f93b555d2d3e7c8f78eec1

                                                          SHA256

                                                          d65b6a3bf11a27a1ced1f7e98082246e40cf01289fd47fe4a5ed46c221f2f73f

                                                          SHA512

                                                          e72f4f79a4ae2e5e40a41b322bc0408a6dec282f90e01e0a8aaedf9fb9d6f04a60f45a844595727539c1643328e9c1b989b90785271cc30a6550bbda6b1909f8

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{c273c237-634b-4e47-b2a3-304100bcd3f0}\Apps.index
                                                          Filesize

                                                          1.0MB

                                                          MD5

                                                          f4514c93191e0efc0f61036e4ebb341a

                                                          SHA1

                                                          c80478e9a734790c18584f67a43518aa4a7dcf58

                                                          SHA256

                                                          43da4fa5f62affe399ceaac2d489b7cde610963a48e72d445bebe6f2c63a3600

                                                          SHA512

                                                          8aecb3491767e040a52f351908004db2c8f2f083397744585c2832212ec8aa288d3492be941a48b04774e16b43672ab167209776cbdef6692fef684fc54666a6

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670754214864666.txt
                                                          Filesize

                                                          77KB

                                                          MD5

                                                          580fceb56ae96ce13a8bdaff6a2481c4

                                                          SHA1

                                                          566e846ff69e317fb647b9c8b8b81be285eaf628

                                                          SHA256

                                                          48839cf77779aad31513c255102deb2d65b0ddc2edeebeb00529e5f8e4b84373

                                                          SHA512

                                                          0cb345d7e69e1be5e34473b41724760199d07bea59b8f8cc4081ee0e7a2429dd5b62a5f9ecaf675abbfff10b066f0d386ad8076922d930980fae78cc29387cbd

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670755826425795.txt
                                                          Filesize

                                                          47KB

                                                          MD5

                                                          f44b1e453c8c537ebb3ecc6c9d3c6fa2

                                                          SHA1

                                                          76d043ca26ab639e2b99d657268000dd844cdf67

                                                          SHA256

                                                          85f0ec5892e046088691616baf62a5e52c471a47373a0471af78d32765e91d1e

                                                          SHA512

                                                          701d6762f11174abb7a55b4a70e581a9a022cce29a1207b974998ad7f6ea194ba5507937d89e1e3e8bf065b602bc37e5a44b0e95b41cdc076d85594cfa17abed

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670762122530084.txt
                                                          Filesize

                                                          65KB

                                                          MD5

                                                          a6f0856d5f2841558ca617d819644a05

                                                          SHA1

                                                          f6ae57dc8dc4a7355d2c5056b533a550a9e0e84d

                                                          SHA256

                                                          2dd19a20b12feb80089050b8725d0eae4b87c0c4cbc9d82b00f86e2f0aa69a74

                                                          SHA512

                                                          5676dcad94f24885a74aa2cec28fbd78ba77ee57c7a2fd8d9790b9f45995718918fcd188074f4edd09f2bb722e189cf1e0be540dd52f6b4f092698803510b43f

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670792315738820.txt
                                                          Filesize

                                                          74KB

                                                          MD5

                                                          a6f89aa68b9bc265b919c1b615155fcb

                                                          SHA1

                                                          ccb77c0875c5b34b333c86eb71bf1b9be355ad3f

                                                          SHA256

                                                          d8a3a5df405647527121662187bed600eaf616b6c86e8a6d54231d654091bd32

                                                          SHA512

                                                          27d6f7b2b24a8065c410fa2552e4a08e4cb000e2ec83c2564b7ea9339df5c27b0ffc1da1458e437b789295da4334ceab3808cf195388ea224adc8aa09230cfad

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\Settings\settings.dat
                                                          Filesize

                                                          8KB

                                                          MD5

                                                          a8308d2f3dde0745e8b678bf69a2ecd0

                                                          SHA1

                                                          c0ee6155b9b6913c69678f323e2eabfd377c479a

                                                          SHA256

                                                          7fbb3e503ed8a4a8e5d5fab601883cbb31d2e06d6b598460e570fb7a763ee555

                                                          SHA512

                                                          9a86d28d40efc655390fea3b78396415ea1b915a1a0ec49bd67073825cfea1a8d94723277186e791614804a5ea2c12f97ac31fad2bf0d91e8e035bde2d026893

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Temp\wctFC61.tmp
                                                          Filesize

                                                          63KB

                                                          MD5

                                                          e516a60bc980095e8d156b1a99ab5eee

                                                          SHA1

                                                          238e243ffc12d4e012fd020c9822703109b987f6

                                                          SHA256

                                                          543796a1b343b4ebc0285d89cb8eb70667ac7b513da37495e38003704e9d88d7

                                                          SHA512

                                                          9b51e99ba20e9da56d1acc24a1cf9f9c9dbdeb742bec034e0ff2bc179a60f4aff249f40344f9ddd43229dcdefa1041940f65afb336d46c175ffeff725c638d58

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Temp\{121C0666-8650-4ECB-BE5E-6CC899764BE7}
                                                          Filesize

                                                          4KB

                                                          MD5

                                                          9f69f9db350f28cda09b6a3408f7f293

                                                          SHA1

                                                          7617b4ff463b0da06adb2d46c14b88afbdb919e0

                                                          SHA256

                                                          a460ae26307f83c7870bc1162deedb2f63c5fffe37199540dd983d26a5da3eaf

                                                          SHA512

                                                          5baf25be6cde207d339c0f3bb89f4974f1589e5ff80b62252d62843e2747b53a08cbf07ad8477ee1efddb83b569633cfe93368c377419e97624d3e7478cc9540

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Temp\{F67D1180-4D16-41CF-86A6-4E5812B43F0E}
                                                          Filesize

                                                          4KB

                                                          MD5

                                                          53cadb71400378e70500d96949d49ed3

                                                          SHA1

                                                          a8b21a35ce1ec1ca2124bcb9fe18c4a7f12c98bc

                                                          SHA256

                                                          3ecaee17606ec5700741b00ccaaaf977cf01597114bc871a5efd9335d1c19032

                                                          SHA512

                                                          5b0c923de7d0beaf3889d9170885886c03e3956f0d46294b93c1e75cb992b305e53ab71e6bde8186eaa82203e86c829834056910093684116b201243956f9f81

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
                                                          Filesize

                                                          16B

                                                          MD5

                                                          d29962abc88624befc0135579ae485ec

                                                          SHA1

                                                          e40a6458296ec6a2427bcb280572d023a9862b31

                                                          SHA256

                                                          a91a702aab9b8dd722843d3d208a21bcfa6556dfc64e2ded63975de4511eb866

                                                          SHA512

                                                          4311e87d8d5559248d4174908817a4ddc917bf7378114435cf12da8ccb7a1542c851812afbaf7dc106771bdb2e2d05f52e7d0c50d110fc7fffe4395592492c2f

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex
                                                          Filesize

                                                          2B

                                                          MD5

                                                          f3b25701fe362ec84616a93a45ce9998

                                                          SHA1

                                                          d62636d8caec13f04e28442a0a6fa1afeb024bbb

                                                          SHA256

                                                          b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

                                                          SHA512

                                                          98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm
                                                          Filesize

                                                          32KB

                                                          MD5

                                                          b7c14ec6110fa820ca6b65f5aec85911

                                                          SHA1

                                                          608eeb7488042453c9ca40f7e1398fc1a270f3f4

                                                          SHA256

                                                          fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb

                                                          SHA512

                                                          d8d75760f29b1e27ac9430bc4f4ffcec39f1590be5aef2bfb5a535850302e067c288ef59cf3b2c5751009a22a6957733f9f80fa18f2b0d33d90c068a3f08f3b0

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite
                                                          Filesize

                                                          48KB

                                                          MD5

                                                          2a90ddb22290040c3550f3c5b7345f3e

                                                          SHA1

                                                          1f902645f19002ba307428dfa8a355476777eb14

                                                          SHA256

                                                          5bfd073a50e717b0d102215153c0c72cf1f3128165e19a427c580ecae4b161e7

                                                          SHA512

                                                          765b5a7e41ad45028d56dc7e39823d7660be3681bb5a6210582cddc9c80ce9fe6bcdc29ce2774b0fbd0e49e378a5a8464521b769e1c94a203d9ecc1acddefced

                                                          Download Submit

                                                        • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\AAAAAAA
                                                          Filesize

                                                          153KB

                                                          MD5

                                                          08403985bc72730e9ecfdddba6693857

                                                          SHA1

                                                          dfbf045de3aab5dab43224d53a97eb432d6909b3

                                                          SHA256

                                                          058317fa6eb2fedf05955db4a215b1f7686329c8383e9c10cad1529ccfedff6c

                                                          SHA512

                                                          2e46077b057fde8c939193ad7cb5f44697b9f090f3e5aab47f4b9a9265a61a870902aebbeec4a466585aef83902be6da4475d6e041ea9b53aaa087b20c36b195

                                                          Download Submit

                                                        • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\DECRYPTION_ID.txt
                                                          Filesize

                                                          265B

                                                          MD5

                                                          6959becfb837c61f6a0db1bde653d7dd

                                                          SHA1

                                                          a7171bb1d5885fbab2053f070e4d3fdddc738d3c

                                                          SHA256

                                                          4da68ebb43ce5ed55615fc9c69b90914fa0af3b841a74c9c2c3a62bbd57a4562

                                                          SHA512

                                                          1e2a6993d44640e6fdd8b78b4c83094adf5ec637d7593842b244970fbac116b6379c460e04b5aaedc403dded6cbea688f6bbc035c75f97af941c90dd77663482

                                                          Download Submit

                                                        • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\Password_dll.txt
                                                          Filesize

                                                          2KB

                                                          MD5

                                                          ff1d7fd3d1ef6c263d9b4f6c0489d89e

                                                          SHA1

                                                          a5c18683272ed253b21e290db5a628f35a310382

                                                          SHA256

                                                          8a3112c1b42c1527d770a8071d03ee516e4c42276e0287b414150a3bd6007622

                                                          SHA512

                                                          64ad08e73cda9e2bf79bfc3f5f7a729f4a34fef44de32ef5d886f17281cda90af8d25520ba649b844e3c9b4eb6afb457ee769964099d5cddaa25b39d6b667f55

                                                          Download Submit

                                                        • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\Password_exe.txt
                                                          Filesize

                                                          2KB

                                                          MD5

                                                          ca704c62b3e64e5d498c80f9ef4d59a1

                                                          SHA1

                                                          ceb47a9b743cb0d7a3340626b9e7d290d547b25b

                                                          SHA256

                                                          6c4a30735c7cf3a7a2f8530e6ab4d89d69afc3b872167528863816b880665f7b

                                                          SHA512

                                                          56df60d48998c0c08212865b1169e134db0f983eccfca367b0cefd6f0635ebe59b63b324bf03c0ce4f4741e70360a10c9a6b60c94143c59072d47598fc0be0c5

                                                          Download Submit

                                                        • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\priv.key
                                                          Filesize

                                                          344B

                                                          MD5

                                                          98dcee2cd01f16fdb1cc93f08a74311c

                                                          SHA1

                                                          6412583d10a1039051cb0580cb552b0aac7e5cac

                                                          SHA256

                                                          a1913c470bd6e4ac7eecf45374eece7d177593d3ae92bc1c819d26f4abeb338f

                                                          SHA512

                                                          fc82c635fbf515d678ef4310afb58bee4daf8b0ff3ae32dc408aa9392c1ee0e93b4eab3e0de55f3e458494ecafb3da415ed0e2f783df10ed05ffb3122e9fd156

                                                          Download Submit

                                                        • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\pub.key
                                                          Filesize

                                                          344B

                                                          MD5

                                                          109961fd055a48d86a8a3f3bf6848fc6

                                                          SHA1

                                                          5f2dec3ac91d65e761150026528998df81f9984b

                                                          SHA256

                                                          7266330832c43508798c4e1dae717af591a3d5cd045135767d341598835bd103

                                                          SHA512

                                                          ce37e4ab556055129a270c50bb13281a4b104446a00b45f5b51027611a776f8b19f77e9b5f033b610e76565df4b2972b517c82a90196d45b292628480a258aee

                                                          Download Submit

                                                        • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\DECRYPTION_ID.txt
                                                          Filesize

                                                          265B

                                                          MD5

                                                          626d8a3d43708c1e9809d16cc3b55536

                                                          SHA1

                                                          d756fbe7cc68e623b5cdf01e6441fde150f67027

                                                          SHA256

                                                          a362177468364078a113d699b2765f94c9d28c65021714b7d6b150951919e28a

                                                          SHA512

                                                          0e3b38330a934a9a9e5574e240f2888ba27d0611d6dd6bdf7c1254363476a72a7a2e34c61bd7eb2cc25dd256b21760f98d1737ae3bf43e178a76566f3c4b5387

                                                          Download Submit

                                                        • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\EEEEEEE
                                                          Filesize

                                                          153KB

                                                          MD5

                                                          2e1c4fcae7aedf7f03a944baf6c829dd

                                                          SHA1

                                                          16be7bdb6a4ca8dd00428698793933b411451b86

                                                          SHA256

                                                          fc86196408c5ab827f55887b03c29abb39c546ab1bec3912fd4f4b2c7550ea8b

                                                          SHA512

                                                          bcbfdc4c21d6052d7a98e1267eba8cb3dbb7ab325cb9846afee805860ba83f5c003efab165c775ddf21b22058bfdb8f6bfa2ca5a87ed3d8e14457e1b25fe450c

                                                          Download Submit

                                                        • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\LB3.exe
                                                          Filesize

                                                          153KB

                                                          MD5

                                                          fa60b668865b55cc4c77556df2af675e

                                                          SHA1

                                                          522365c999af96b63fc1a638010f6ec66094033e

                                                          SHA256

                                                          4256b3e732c532d2b643c65f8b4ff5c0e04d50b3852cfa517b12444d73a1637f

                                                          SHA512

                                                          6ee6e878c8e27ee69dba1c742c6134c88ff7e529665deb3603e9dae315c70454f1b528e2ccb7c9f12eb6824fd18ea4b56cd420becdeefbb28a6602e88a60edb4

                                                          Download Submit

                                                        • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\LB3Decryptor.exe
                                                          Filesize

                                                          54KB

                                                          MD5

                                                          e2b1707f6971dc514e8200ae1aca055d

                                                          SHA1

                                                          ec9d2584c5fed43221eacd5785ad2cfcb901a927

                                                          SHA256

                                                          ddea21b9795ca3700f55b4cf0db70670f1cd190f504323bc8c10d13ecdb11b91

                                                          SHA512

                                                          e28cd9d8ea78433f070b4e361368ecfd456fc980b7d21e82a5e4ee7b43aeb681d7c1a4d18b8d09fa1b764b2045d992f9a2502b7bc53587d8357b1a7ddc4eb2b6

                                                          Download Submit

                                                        • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\Password_dll.txt
                                                          Filesize

                                                          2KB

                                                          MD5

                                                          a39ef55f1e999b802ee722efad15972d

                                                          SHA1

                                                          8dda0f0b863fbca07c011ff08384f31b39aa495e

                                                          SHA256

                                                          1546c216aa7715932277b30ba08a08284ad7eddbe8cba25c0d4c3a4ed879e410

                                                          SHA512

                                                          f6799d2d6f3502606b977c733161c2baed8b1bf86c44541b2859de766170315cc5ddd86f3631fa020f530efb24d7b28b1745f9b8fa1030ee7691b57de2964917

                                                          Download Submit

                                                        • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\Password_exe.txt
                                                          Filesize

                                                          2KB

                                                          MD5

                                                          bcbfdcc62d1a92a249af558d7069d795

                                                          SHA1

                                                          556d968a5a1f71b9b2db618517cb9655c654ccc3

                                                          SHA256

                                                          fdb493b171ecd4574f6ed68eecf2852b95c946b69e21b2963bb343e804ca45b7

                                                          SHA512

                                                          1227140c29c67e0e9ac381a79d44cd16c43ca8c2d46c7b7d790c2c351dfe6f43322f86fd7bfebb3d93bde531cd8f38c82ceaadca4998026a3f80c76f3fa91ba1

                                                          Download Submit

                                                        • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\priv.key
                                                          Filesize

                                                          344B

                                                          MD5

                                                          4ae07121c2effae3b77b57e9c8585177

                                                          SHA1

                                                          1f69a20563d4780551b0323246433c4655e7c6d0

                                                          SHA256

                                                          08f4f6d6804a3a5f62edbc440d3c3f885830fd4939df7dc24594841ffdaf9f0c

                                                          SHA512

                                                          dce4bfc26bb40b2fb95087f4588d2aad7eb238d45fc8b58351c9dfb4d0c7da8f71509f3aaeea4863360846d85a86c52819c6cc58bc96565e519c4612eef542a2

                                                          Download Submit

                                                        • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\pub.key
                                                          Filesize

                                                          344B

                                                          MD5

                                                          12a99200d2a825771a636ef8e281812a

                                                          SHA1

                                                          6e012c954e5ed9dda9e3093aec20c821e5904c1e

                                                          SHA256

                                                          cb85d4e6db31ad89f201863714473704538fd78237207f41a41039c940c94bf2

                                                          SHA512

                                                          678269ccb2a0e2e7d94216c521ff2134305eec21445da58b6724935cb85b68b77c2980b4f084e4bc8192da9eff45c80aeb28b422b17be7d4d4fa9aadbbf8a4e1

                                                          Download Submit

                                                        • C:\Users\Admin\Documents\OneNote Notebooks\My Notebook\Open Notebook.onetoc2
                                                          Filesize

                                                          4KB

                                                          MD5

                                                          0323e58ebe261b4ddad3235aeaffb2b5

                                                          SHA1

                                                          c5ecee9e787ccee468c303e8663660f02ff28bd7

                                                          SHA256

                                                          1f6fbe2c313194a4522bc6670d4a1eaeee37dbf3e33814e98f4d351d3f3d35db

                                                          SHA512

                                                          3c3bd1ea247764c66255b69cd251735ce267a06c3f85b2b83a1df650743fed04eb9cef86b2fe9fa5cf56b337be22fcbbcba26bda04d6bf1d39fe03ac7afccd6d

                                                          Download Submit

                                                        • C:\Users\Admin\Documents\OneNote Notebooks\My Notebook\Open Notebook.onetoc2
                                                          Filesize

                                                          4KB

                                                          MD5

                                                          2b7fb21362d966c3e5844acf3075a131

                                                          SHA1

                                                          fc4776a83d7301ffc18b19a59e542e31be38804a

                                                          SHA256

                                                          17328e0e629a11d2cb1a9b5b878e83c7cf7333f438f51df62dc1fe9e0ef5f1a3

                                                          SHA512

                                                          9ae54606856e26b56602afd40e717274748c816145e4fdb1434372a8acfc4a900abaa9a9f2682ea38748f161b20eb792708e8a268d5600c45e0bff3e5a3a81d1

                                                          Download Submit

                                                        • C:\Users\Admin\Downloads\LockBit-Black-Builder-main.zip
                                                          Filesize

                                                          2.6MB

                                                          MD5

                                                          a5fbe0c5d0b5abd4dd0cb3bf69f3be6b

                                                          SHA1

                                                          fcc36b7c657a9187572ad3f527992b33c560f2e3

                                                          SHA256

                                                          34ae59b7acc09c2e82625640cae82c5158b649db1418ddbaa24138b51f1722c5

                                                          SHA512

                                                          a10b15c4368bbb836643d534a2c732c794bdac1034ca7c088ebd7c5333969763eea5be30977e6dd6b039e051e4b36acfef6fbb5129009d5bfd1eb75d706c7cdb

                                                          Download Submit

                                                        • C:\Users\Admin\Downloads\LockBit-Black-Builder-main.zip
                                                          Filesize

                                                          2.6MB

                                                          MD5

                                                          4b2e98835f5da6624c135485777c6bbf

                                                          SHA1

                                                          a8153ad9b17c848124a7806439302f1f44d67d42

                                                          SHA256

                                                          2f7358d2abe0a00b6ae71e2267bc6b3a161323c8db57aa6bfe0502ff9e3dc18a

                                                          SHA512

                                                          81babe52ddb14d0995cef09a639891e045fe2efa5dfbd83f987b9531ac24d7f75034cbc22aade936248c482bb2c419e6b018e3bf0d0e7b621a087241586bd504

                                                          Download Submit

                                                        • C:\Windows\Installer\e5a7149.msi
                                                          Filesize

                                                          13.7MB

                                                          MD5

                                                          988d663ba702ffe35f7f8080c83d2feb

                                                          SHA1

                                                          dbc3538e352831bec7c2e09ecd091f1fba34b62a

                                                          SHA256

                                                          b640c2c6e11ec5e31a255641f86b765ff5fe29d419de45b57510cf3eacf633b9

                                                          SHA512

                                                          25204f7649d928b3b6728317ce4b247d1f907e3a26dd49a096ad0d9ce41cfd5b0f512c9450fcca81b6d72a640815d9943931cb0084180e53ee201685f9f8f1eb

                                                          Download Submit

                                                        • C:\X2Ykx9bnQ.README.txt
                                                          Filesize

                                                          6KB

                                                          MD5

                                                          cd1654c59a703e0453dc44f0c4a955c1

                                                          SHA1

                                                          ee6d0e5a7f7eacd3221883bb3319595eecefd2a9

                                                          SHA256

                                                          7db95965b9827a4ddb24ed0d876137aa49a7bb1aef64eadb9a09c29a616ddd63

                                                          SHA512

                                                          cc3138c6eaa9876614a266dc4b73cf958481f52f70c73e7bd16fb9741bd65aa291959820a8b4a992e808d625b860fb0806c157fec4d17a43148ab50348f04e19

                                                          Download Submit

                                                        • C:\fx11LFLLD.README.txt
                                                          Filesize

                                                          6KB

                                                          MD5

                                                          7e13258813a40cfcd8763f0b32da209c

                                                          SHA1

                                                          61a294707bd117a29dddd208b8c90d005298cf96

                                                          SHA256

                                                          42ee25614ffe23fe28f19136a43013da8788a805e29f84e665ed5b6e27d5dce9

                                                          SHA512

                                                          99a05516462c9bb6afb7eac73a2aa92737f337e1889f37a73bc73d5135c52d82a6cb90546acfad3804d3ed9da8531da5b389ce88b6b8094a46ac5dc06a1ca5bf

                                                          Download Submit

                                                        • C:\vcredist2010_x64.log-MSI_vc_red.msi.txt.X2Ykx9bnQ
                                                          Filesize

                                                          380KB

                                                          MD5

                                                          9216c50401ba3a4084a68d6ade23542e

                                                          SHA1

                                                          15599f6eff5a81e001bada3c52a7a3f309b50bed

                                                          SHA256

                                                          382e83ec158256a04b13dec9ffb853e86d2447788662d81ef3f777fe8e536818

                                                          SHA512

                                                          a4d5f5976ed21296484ea7b698734cd605e9a769b4518aeb029dd6cd91157241d9dd3be2c830cab209df9fb4e1472597c49b97016e2b04fbde40c461bce4bad1

                                                          Download Submit

                                                        • C:\vcredist2010_x64.log.html.X2Ykx9bnQ
                                                          Filesize

                                                          86KB

                                                          MD5

                                                          8ed6a5225eb3a62cdbee785bcd228e23

                                                          SHA1

                                                          9af92e29984f17ba943b56f66f332295ab3fd377

                                                          SHA256

                                                          ea4052c1af6b3be92f7e482d82c0840b53208bbd9ebc3cd349d8cc7ff74c665f

                                                          SHA512

                                                          0aaeb999db44c9515099a6afcd0b6f76706ce359e3fa93219e7b19b398b79f0ddd3e0d50d166410715fe74ed3534e7e851d240cc30b2ff091a8380f18a51649f

                                                          Download Submit

                                                        • C:\vcredist2010_x86.log-MSI_vc_red.msi.txt.X2Ykx9bnQ
                                                          Filesize

                                                          395KB

                                                          MD5

                                                          3acdf4d5ddec3caf5488d933999de066

                                                          SHA1

                                                          54075c5102216adfa5eba0e96df8e3c0fdc234da

                                                          SHA256

                                                          b210df48a1946b45c3b750fcac0367722dac70f6fbc52168e54c70b7ce69233e

                                                          SHA512

                                                          ba6752fc029b9d31b2532566cce3173f04021b3b3958d9b16b8223ca284580f4f95190a775da2aa4ac331d1d2bcbe23e5b934b45c87676e3f7489f11ce0ee401

                                                          Download Submit

                                                        • C:\vcredist2010_x86.log.html
                                                          Filesize

                                                          81KB

                                                          MD5

                                                          ed9a1ce215f5ff61f6dc899b2a88bf0f

                                                          SHA1

                                                          8ecccc3a8bb588c42e2634e729b86b7d2129f57c

                                                          SHA256

                                                          ebab254f6e95a49e1665c5199ed1e5509e9d62dcf10a46329d797416bdc6b63c

                                                          SHA512

                                                          319c7bb87b264910609d90fdd494aae99d762110d0ea7a0d3c1ce59ce149df4719f97fa8fa82f24ee472d02f4197dfec24e61a0bb4502821214ac10768b6cadf

                                                          Download Submit

                                                        • C:\vcredist2010_x86.log.html.X2Ykx9bnQ
                                                          Filesize

                                                          81KB

                                                          MD5

                                                          3dd2be229f9a2ceca4dda9cf8ebdc331

                                                          SHA1

                                                          803a66bd9ca021d9f4d48b5a9897052dac8d0db4

                                                          SHA256

                                                          e0d7558823e10739e08d3706cbce0f1c1be7aca0269fdb687088a6b8e206f7b7

                                                          SHA512

                                                          95672aa83952a6cc2afe5d9170b9d48b54149b5f0b0c3c9a86b126a7006c2d6cbb63d64a85d63c3ec789932e86675adcbe0dff3fa9063ce683d0b52466c59e9e

                                                          Download Submit

                                                        • C:\vcredist2012_x64_0_vcRuntimeMinimum_x64.log.X2Ykx9bnQ
                                                          Filesize

                                                          168KB

                                                          MD5

                                                          341ee8658cbce37cc0d9749b3cb35c5c

                                                          SHA1

                                                          db4490647446f9024188118fcbc63455012baeac

                                                          SHA256

                                                          3e752edfeaa19f8b0e567beb239cc4f2e77ee47388a969778fc69d13810b4a06

                                                          SHA512

                                                          363d463997f74590822dc3a8d076efe9cf5708cd897518f4b8f047bfb159c3a3731b4bbd9948028bfeb7648f37d37b5983f6325ad1a434345167f9357c6d184b

                                                          Download Submit

                                                        • C:\vcredist2012_x64_1_vcRuntimeAdditional_x64.log.X2Ykx9bnQ
                                                          Filesize

                                                          195KB

                                                          MD5

                                                          a98e934d61c274286b6263412f424c34

                                                          SHA1

                                                          d2d0a0d799427886fff0c48093a25ca7b11152cc

                                                          SHA256

                                                          32b6cc0598d9476ef9ee422f6abbab9cce2d3788f34cba5424a91443eca8837e

                                                          SHA512

                                                          1c772793950273fdf429de96be7e21cd5d4c239889c7d1621557fcc305c877a8dbaa4ccd81a5fe7ab76f7602966636a45c9eaceca822d3ee49976f9119932296

                                                          Download Submit

                                                        • C:\vcredist2012_x86_0_vcRuntimeMinimum_x86.log.X2Ykx9bnQ
                                                          Filesize

                                                          171KB

                                                          MD5

                                                          4bfbd76142f35eb8ad321b01321fc92f

                                                          SHA1

                                                          129cd4c16040d058a6cc6e4bfe6502094378f656

                                                          SHA256

                                                          97312410f55eaf317f486cebc90d06d6ed224a0c8f0f1a938f0eef15576b18a3

                                                          SHA512

                                                          c79932fae7eb41590b610818dab251a023bdd4345a9991238823668d2faaa95b852e167ca7a17da839fd61ced5060a7f3a1aefc63c55de6654916c91a35dc7ce

                                                          Download Submit

                                                        • C:\vcredist2012_x86_1_vcRuntimeAdditional_x86.log.X2Ykx9bnQ
                                                          Filesize

                                                          208KB

                                                          MD5

                                                          f8939148683f7ae294cc44db951fa52a

                                                          SHA1

                                                          38227328d654c1b88f65349b32dee78415748ee9

                                                          SHA256

                                                          cae5607ed1a2df91973235cb8df17c50f64ee3ee81b834d4be4ec2ff89483bcc

                                                          SHA512

                                                          031b047de7802b1b8d6593e267066b5c67aba35501b020a6c5833c97202e58b0121396aad7e64cc35cdabd7f64093948d4cba2506bc89804917e95e1c31c148f

                                                          Download Submit

                                                        • C:\vcredist2013_x64_000_vcRuntimeMinimum_x64.log.X2Ykx9bnQ
                                                          Filesize

                                                          170KB

                                                          MD5

                                                          dd2a333596e260df7588249defebb1a6

                                                          SHA1

                                                          ceb757e0274e6bf0fde1c208173e79f1870d9bc2

                                                          SHA256

                                                          5647e81ea287d237a161fb485222696a4c685308ff2f2b5a0d1e9b2c6b047640

                                                          SHA512

                                                          2f18923bb0e4c9c829851669d33f627fa9d12342286fb9f64bfe3e7f4d57e4fc338ec070b9d60a1871f5c42e507a064c99998dde323516cd1dd870e5422d53d3

                                                          Download Submit

                                                        • C:\vcredist2013_x64_001_vcRuntimeAdditional_x64.log.X2Ykx9bnQ
                                                          Filesize

                                                          191KB

                                                          MD5

                                                          70767a1cde8b35cb436f62672e6830ed

                                                          SHA1

                                                          bbd4ba1a3c5a58ae5c961479fbe541750ff3faf6

                                                          SHA256

                                                          d07c4ece7578b6c8a8ef902061496e863425b2296ff21b65ddcebdc6e80b25eb

                                                          SHA512

                                                          f24a1f41ceb7f8c8bd0030c6c951ea4bf4239c14b1e395658fad8f41da1d22384b1ca779fe5288e7fb63b1c2c53e69a08d16951383bbfa319e9b0c5e1524d7a9

                                                          Download Submit

                                                        • C:\vcredist2013_x86_000_vcRuntimeMinimum_x86.log.X2Ykx9bnQ
                                                          Filesize

                                                          170KB

                                                          MD5

                                                          e3d245342ba744cddcb1cdbc3abb58bd

                                                          SHA1

                                                          ae2c13135966d74b83894496b0672d082fdb4451

                                                          SHA256

                                                          3044b1a28023d47124ecec964d1d407da6d78635defcab3710998680cc878fd3

                                                          SHA512

                                                          771d666270fff0b5934cae5ae0ece619cbcb6a4213df52910f9a0ebb47a4007a8037874e1970a1dabcde2dc5fd555c3c5234b1d0d4082e922e37c88219f98656

                                                          Download Submit

                                                        • F:\$RECYCLE.BIN\S-1-5-21-2412658365-3084825385-3340777666-1000\DDDDDDDDDDD
                                                          Filesize

                                                          129B

                                                          MD5

                                                          2cb4999f7fa5c0ed8db8dc518c34c611

                                                          SHA1

                                                          b841c03df373dcdc217b212819cb67d44b5089c1

                                                          SHA256

                                                          aae6a17b431876c7e8c0c8cba5c8c88ea2d8127500c84e3d25660a4b1fabfa31

                                                          SHA512

                                                          989a950050180123b7d53cbc5dd7f986764425e1956b6b9dc5b5b221eb20e6e365a40a893e89a048e410becef66f21044376404022da7f03db95acf83bd24003

                                                          Download Submit

                                                        • \??\pipe\LOCAL\crashpad_4644_CPWXNNNTRLAKXXFO
                                                          MD5

                                                          d41d8cd98f00b204e9800998ecf8427e

                                                          SHA1

                                                          da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                          SHA256

                                                          e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                          SHA512

                                                          cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                          Download Submit

                                                        • memory/1324-4123-0x0000000000400000-0x0000000000429000-memory.dmp

                                                          Filesize

                                                          164KB

                                                          Download

                                                        • memory/1324-4124-0x0000000000400000-0x0000000000429000-memory.dmp

                                                          Filesize

                                                          164KB

                                                          Download

                                                        • memory/6376-3389-0x00007FFE002F0000-0x00007FFE00300000-memory.dmp

                                                          Filesize

                                                          64KB

                                                          Download

                                                        • memory/6376-3388-0x00007FFE002F0000-0x00007FFE00300000-memory.dmp

                                                          Filesize

                                                          64KB

                                                          Download

                                                        • memory/6376-3385-0x00007FFE002F0000-0x00007FFE00300000-memory.dmp

                                                          Filesize

                                                          64KB

                                                          Download

                                                        • memory/6376-3387-0x00007FFE002F0000-0x00007FFE00300000-memory.dmp

                                                          Filesize

                                                          64KB

                                                          Download

                                                        • memory/6376-3386-0x00007FFE002F0000-0x00007FFE00300000-memory.dmp

                                                          Filesize

                                                          64KB

                                                          Download

                                                        • memory/6376-3423-0x00007FFDFDDA0000-0x00007FFDFDDB0000-memory.dmp

                                                          Filesize

                                                          64KB

                                                          Download

                                                        • memory/6376-3422-0x00007FFDFDDA0000-0x00007FFDFDDB0000-memory.dmp

                                                          Filesize

                                                          64KB

                                                          Download

                                                        • memory/6968-7122-0x00007FFE002F0000-0x00007FFE00300000-memory.dmp

                                                          Filesize

                                                          64KB

                                                          Download

                                                        • memory/6968-7121-0x00007FFE002F0000-0x00007FFE00300000-memory.dmp

                                                          Filesize

                                                          64KB

                                                          Download

                                                        • memory/6968-7120-0x00007FFE002F0000-0x00007FFE00300000-memory.dmp

                                                          Filesize

                                                          64KB

                                                          Download

                                                        • memory/6968-7123-0x00007FFE002F0000-0x00007FFE00300000-memory.dmp

                                                          Filesize

                                                          64KB

                                                          Download

                                                        • memory/6968-7119-0x00007FFE002F0000-0x00007FFE00300000-memory.dmp

                                                          Filesize

                                                          64KB

                                                          Download

                                                        • memory/8380-4109-0x0000000000400000-0x0000000000429000-memory.dmp

                                                          Filesize

                                                          164KB

                                                          Download

                                                        • memory/8380-4110-0x0000000000400000-0x0000000000429000-memory.dmp

                                                          Filesize

                                                          164KB

                                                          Download

                                                        • memory/8632-4111-0x0000000000400000-0x0000000000429000-memory.dmp

                                                          Filesize

                                                          164KB

                                                          Download