Overview

overview

10

Static

static

10

LockBit-Bl...1).zip

windows11-21h2-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    146s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    16-11-2024 20:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    LockBit-Black-Builder-main (1).zip

  • Size

    2.6MB

  • MD5

    a5fbe0c5d0b5abd4dd0cb3bf69f3be6b

  • SHA1

    fcc36b7c657a9187572ad3f527992b33c560f2e3

  • SHA256

    34ae59b7acc09c2e82625640cae82c5158b649db1418ddbaa24138b51f1722c5

  • SHA512

    a10b15c4368bbb836643d534a2c732c794bdac1034ca7c088ebd7c5333969763eea5be30977e6dd6b039e051e4b36acfef6fbb5129009d5bfd1eb75d706c7cdb

  • SSDEEP

    49152:RXO172+O52uX9HaMAvqjw+6vfdTZseFqnC/6qZoAws4vxF8:Rp+OEuwy6ZDX/6woAws45C

Score
10/10
blackmatterlockbitdefense_evasiondiscoveryransomwarespywarestealer

Malware Config

Extracted

Family

blackmatter

Version

25.239

Extracted

Path

C:\eo9QMbQjw.README.txt

Family

lockbit

Ransom Note
~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~ >>>> Your data are stolen and encrypted The data will be published on TOR website if you do not pay the ransom Links for Tor Browser: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion Links for the normal browser http://lockbitapt.uz http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly >>>> What guarantees that we will not deceive you? We are not a politically motivated group and we do not need anything other than your money. If you pay, we will provide you the programs for decryption and we will delete your data. Life is too short to be sad. Be not sad, money, it is only paper. If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. Therefore to us our reputation is very important. We attack the companies worldwide and there is no dissatisfied victim after payment. You can obtain information about us on twitter https://twitter.com/hashtag/lockbit?f=live >>>> You need contact us and decrypt one file for free on these TOR sites with your personal DECRYPTION ID Download and install TOR Browser https://www.torproject.org/ Write to a chat and wait for the answer, we will always answer you. Sometimes you will need to wait for our answer because we attack many companies. Links for Tor Browser: http://lockbitsupt7nr3fa6e7xyb73lk6bw6rcneqhoyblniiabj4uwvzapqd.onion http://lockbitsupuhswh4izvoucoxsbnotkmgq6durg7kficg6u33zfvq3oyd.onion http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion Link for the normal browser http://lockbitsupp.uz If you do not get an answer in the chat room for a long time, the site does not work and in any other emergency, you can contact us in jabber or tox. Tox ID LockBitSupp: 3085B89A0C515D2FB124D645906F5D3DA5CB97CEBEA975959AE4F95302A04E1D709C3C4AE9B7 XMPP (Jabber) Support: [email protected] [email protected] >>>> Your personal DECRYPTION ID: 51FB3182A92CFC7D6F1BD8DC1E4DDCAB >>>> Warning! Do not DELETE or MODIFY any files, it can lead to recovery problems! >>>> Warning! If you do not pay the ransom we will attack your company repeatedly again! >>>> Advertisement Would you like to earn millions of dollars $$$ ? Our company acquire access to networks of various companies, as well as insider information that can help you steal the most valuable data of any company. You can provide us accounting data for the access to any company, for example, login and password to RDP, VPN, corporate email, etc. Open our letter at your email. Launch the provided virus on any computer in your company. You can do it both using your work computer or the computer of any other employee in order to divert suspicion of being in collusion with us. Companies pay us the foreclosure for the decryption of files and prevention of data leak. You can contact us using Tox messenger without registration and SMS https://tox.chat/download.html. Using Tox messenger, we will never know your real name, it means your privacy is guaranteed. If you want to contact us, write in jabber or tox. Tox ID LockBitSupp: 3085B89A0C515D2FB124D645906F5D3DA5CB97CEBEA975959AE4F95302A04E1D709C3C4AE9B7 XMPP (Jabber) Support: [email protected] [email protected] If this contact is expired, and we do not respond you, look for the relevant contact data on our website via Tor or Brave browser Links for Tor Browser: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion Links for the normal browser http://lockbitapt.uz http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly
URLs

http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion

http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion

http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion

http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion

http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion

http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion

http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion

http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion

http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion

http://lockbitapt.uz

http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly

http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly

http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly

http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly

http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly

http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly

http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly

http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly

http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly

https://twitter.com/hashtag/lockbit?f=live

Extracted

Path

C:\HHuYRxB06.README.txt

Family

lockbit

Ransom Note
~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~ >>>> Your data are stolen and encrypted The data will be published on TOR website if you do not pay the ransom Links for Tor Browser: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion Links for the normal browser http://lockbitapt.uz http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly >>>> What guarantees that we will not deceive you? We are not a politically motivated group and we do not need anything other than your money. If you pay, we will provide you the programs for decryption and we will delete your data. Life is too short to be sad. Be not sad, money, it is only paper. If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. Therefore to us our reputation is very important. We attack the companies worldwide and there is no dissatisfied victim after payment. You can obtain information about us on twitter https://twitter.com/hashtag/lockbit?f=live >>>> You need contact us and decrypt one file for free on these TOR sites with your personal DECRYPTION ID Download and install TOR Browser https://www.torproject.org/ Write to a chat and wait for the answer, we will always answer you. Sometimes you will need to wait for our answer because we attack many companies. Links for Tor Browser: http://lockbitsupt7nr3fa6e7xyb73lk6bw6rcneqhoyblniiabj4uwvzapqd.onion http://lockbitsupuhswh4izvoucoxsbnotkmgq6durg7kficg6u33zfvq3oyd.onion http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion Link for the normal browser http://lockbitsupp.uz If you do not get an answer in the chat room for a long time, the site does not work and in any other emergency, you can contact us in jabber or tox. Tox ID LockBitSupp: 3085B89A0C515D2FB124D645906F5D3DA5CB97CEBEA975959AE4F95302A04E1D709C3C4AE9B7 XMPP (Jabber) Support: [email protected] [email protected] >>>> Your personal DECRYPTION ID: 21BAF8E63EE715F8185C691DF1D0BDBE >>>> Warning! Do not DELETE or MODIFY any files, it can lead to recovery problems! >>>> Warning! If you do not pay the ransom we will attack your company repeatedly again! >>>> Advertisement Would you like to earn millions of dollars $$$ ? Our company acquire access to networks of various companies, as well as insider information that can help you steal the most valuable data of any company. You can provide us accounting data for the access to any company, for example, login and password to RDP, VPN, corporate email, etc. Open our letter at your email. Launch the provided virus on any computer in your company. You can do it both using your work computer or the computer of any other employee in order to divert suspicion of being in collusion with us. Companies pay us the foreclosure for the decryption of files and prevention of data leak. You can contact us using Tox messenger without registration and SMS https://tox.chat/download.html. Using Tox messenger, we will never know your real name, it means your privacy is guaranteed. If you want to contact us, write in jabber or tox. Tox ID LockBitSupp: 3085B89A0C515D2FB124D645906F5D3DA5CB97CEBEA975959AE4F95302A04E1D709C3C4AE9B7 XMPP (Jabber) Support: [email protected] [email protected] If this contact is expired, and we do not respond you, look for the relevant contact data on our website via Tor or Brave browser Links for Tor Browser: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion Links for the normal browser http://lockbitapt.uz http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly
URLs

http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion

http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion

http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion

http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion

http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion

http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion

http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion

http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion

http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion

http://lockbitapt.uz

http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly

http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly

http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly

http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly

http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly

http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly

http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly

http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly

http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly

https://twitter.com/hashtag/lockbit?f=live

Signatures

  • BlackMatter Ransomware

    BlackMatter ransomware group claims to be Darkside and REvil succesor.

    ransomwareblackmatter
  • Blackmatter family
    blackmatter
  • Lockbit

    Ransomware family with multiple variants released since late 2019.

    ransomwarelockbit
  • Lockbit family
    lockbit
  • Rule to detect Lockbit 3.0 ransomware Windows payload 7 IoCs
  • Renames multiple (577) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Executes dropped EXE 12 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops desktop.ini file(s) 3 IoCs
  • Indicator Removal: File Deletion 1 TTPs

    Adversaries may delete files left behind by the actions of their intrusion activity.

    defense_evasion
  • Drops file in System32 directory 5 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 3 IoCs
    ransomware
  • Suspicious use of NtSetInformationThreadHideFromDebugger 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 13 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Control Panel 3 IoCs
    evasion
  • Modifies registry class 13 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: RenamesItself 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 15 IoCs
  • Suspicious use of WriteProcessMemory 32 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main (1).zip"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2024
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:4588
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build.bat" "
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:2820
      • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\keygen.exe
        keygen -path C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build -pubkey pub.key -privkey priv.key
        2⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:3320
      • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\builder.exe
        builder -type dec -privkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\priv.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3Decryptor.exe
        2⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:3760
      • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\builder.exe
        builder -type enc -exe -pubkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe
        2⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:4288
      • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\builder.exe
        builder -type enc -exe -pass -pubkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3_pass.exe
        2⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:2460
      • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\builder.exe
        builder -type enc -dll -pubkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3_Rundll32.dll
        2⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:4916
      • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\builder.exe
        builder -type enc -dll -pass -pubkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3_Rundll32_pass.dll
        2⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:4140
      • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\builder.exe
        builder -type enc -ref -pubkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3_ReflectiveDll_DllMain.dll
        2⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:3468
    • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe
      "C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe"
      1⤵
      • Executes dropped EXE
      • Drops desktop.ini file(s)
      • Sets desktop wallpaper using registry
      • System Location Discovery: System Language Discovery
      • Modifies Control Panel
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: RenamesItself
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1544
      • C:\Windows\splwow64.exe
        C:\Windows\splwow64.exe 12288
        2⤵
        • Drops file in System32 directory
        PID:3212
      • C:\ProgramData\2641.tmp
        "C:\ProgramData\2641.tmp"
        2⤵
        • Executes dropped EXE
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:844
        • C:\Windows\SysWOW64\cmd.exe
          "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\2641.tmp >> NUL
          3⤵
          • System Location Discovery: System Language Discovery
          PID:1880
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
      1⤵
        PID:4140
      • C:\Windows\system32\printfilterpipelinesvc.exe
        C:\Windows\system32\printfilterpipelinesvc.exe -Embedding
        1⤵
        • Drops file in System32 directory
        • Suspicious use of WriteProcessMemory
        PID:1112
        • C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
          /insertdoc "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\{EB64AA86-AE05-4860-BC30-21654E4C73CD}.xps" 133762627542250000
          2⤵
          • Checks processor information in registry
          • Enumerates system info in registry
          • Suspicious behavior: AddClipboardFormatListener
          • Suspicious use of SetWindowsHookEx
          PID:2804
      • C:\Windows\system32\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\eo9QMbQjw.README.txt
        1⤵
          PID:624
        • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3Decryptor.exe
          "C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3Decryptor.exe"
          1⤵
          • Executes dropped EXE
          • Sets desktop wallpaper using registry
          • System Location Discovery: System Language Discovery
          • Modifies Control Panel
          • Modifies registry class
          • Suspicious behavior: RenamesItself
          • Suspicious use of SetWindowsHookEx
          PID:1288
        • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\LB3_pass.exe
          "C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\LB3_pass.exe"
          1⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:4204
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -u -p 4204 -s 276
            2⤵
            • Program crash
            PID:4072
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4204 -ip 4204
          1⤵
            PID:4772
          • C:\Windows\system32\NOTEPAD.EXE
            "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\Password_exe.txt
            1⤵
              PID:1648
            • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\LB3.exe
              "C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\LB3.exe"
              1⤵
              • Executes dropped EXE
              • Drops desktop.ini file(s)
              • Suspicious use of NtSetInformationThreadHideFromDebugger
              • System Location Discovery: System Language Discovery
              • Modifies registry class
              • Suspicious behavior: RenamesItself
              PID:4392
            • C:\Windows\system32\printfilterpipelinesvc.exe
              C:\Windows\system32\printfilterpipelinesvc.exe -Embedding
              1⤵
                PID:7812

              Network

              MITRE ATT&CK Enterprise v15

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\$Recycle.Bin\S-1-5-21-2410826464-2353372766-2364966905-1000\DDDDDDDDDDD
                Filesize

                129B

                MD5

                4088fbf67aaf55ffd2898c6feaafd2d0

                SHA1

                3a94dc45a092c297a00b6a7fea0776192c3be137

                SHA256

                15e70df69aa0c220248b7d933ffcd09463c8ad4acfc849a4ab97b52d82997297

                SHA512

                c5b5e98837df175756a471e8decf2d84fd0e99ba65d0ee3dcfcfb66bb959696278d538f948057e6aa4df16e1ad50f8c89b6b7d4a729f54759924d11bf8422d9d

                Download Submit

              • C:\$Recycle.Bin\S-1-5-21-2410826464-2353372766-2364966905-1000\YYYYYYYYYYY
                Filesize

                129B

                MD5

                97a566ee5055732ca637cce9fcd37336

                SHA1

                8776af54ded017bd394dfdab6c9f226a231c184f

                SHA256

                34cf8fa25e479382b6e2385d4514053bf8f6476bc55b15a852c01ad7a51ee106

                SHA512

                0eef44fc6a26ffc327407e79d0dd84a02520ecd8bc44cb871bfeeac9c4de7b6ef328507d8b148291b3510461ace5945ebbba9b864f6f1e16ddcb95e77708b4db

                Download Submit

              • C:\HHuYRxB06.README.txt
                Filesize

                6KB

                MD5

                82dbbaafb1db42ba176ac73388000bfe

                SHA1

                d7f79bad8479eef8c93ec36f13ce39ad5a9104ef

                SHA256

                7e8160679406dabe651dad33cc8e397108770218ef081a02e35ddcca2a317fa8

                SHA512

                900aff216908e5db9c1bdec87b9faf219ea53cd87a5684a717cca0f1fa82bfc52b963bf060415df6d62104b20d228e657fe42dd57cdba10b116d4269f161874d

                Download Submit

              • C:\Users\Admin\AppData\Local\Comms\UnistoreDB\USSres00002.jrs
                Filesize

                3.0MB

                MD5

                d1dd210d6b1312cb342b56d02bd5e651

                SHA1

                1e5f8def40bb0cb0f7156b9c2bab9efb49cfb699

                SHA256

                bbd05cf6097ac9b1f89ea29d2542c1b7b67ee46848393895f5a9e43fa1f621e5

                SHA512

                37a33d86aa47380aa21b17b41dfc8d04f464de7e71820900397436d0916e91b353f184cefe0ad16ae7902f0128aae786d78f14b58beee0c46d583cf1bfd557b8

                Download Submit

              • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\Settings\settings.dat
                Filesize

                8KB

                MD5

                a8308d2f3dde0745e8b678bf69a2ecd0

                SHA1

                c0ee6155b9b6913c69678f323e2eabfd377c479a

                SHA256

                7fbb3e503ed8a4a8e5d5fab601883cbb31d2e06d6b598460e570fb7a763ee555

                SHA512

                9a86d28d40efc655390fea3b78396415ea1b915a1a0ec49bd67073825cfea1a8d94723277186e791614804a5ea2c12f97ac31fad2bf0d91e8e035bde2d026893

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\wctD2A1.tmp
                Filesize

                63KB

                MD5

                e516a60bc980095e8d156b1a99ab5eee

                SHA1

                238e243ffc12d4e012fd020c9822703109b987f6

                SHA256

                543796a1b343b4ebc0285d89cb8eb70667ac7b513da37495e38003704e9d88d7

                SHA512

                9b51e99ba20e9da56d1acc24a1cf9f9c9dbdeb742bec034e0ff2bc179a60f4aff249f40344f9ddd43229dcdefa1041940f65afb336d46c175ffeff725c638d58

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\{3DA9B9B4-9BE0-431D-8E6A-5383AA575906}
                Filesize

                4KB

                MD5

                dee09fb6c06bbe29f938b48aa2b66d60

                SHA1

                74f16115182609a7040075f7994f05128b8bc4bb

                SHA256

                b99d6a703deb9e0a1e65fba99d8f95f9fc1f0300de05d83aca3fcb07ebdc3b6d

                SHA512

                2d0a0cdd74d55ee221ab1a02d3baa64592cac21dc20af248ad817d15454d6a7ca41d0ab45c59be376d0d2934719b318938cf488f50b85963671e26f7252db7d7

                Download Submit

              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm
                Filesize

                32KB

                MD5

                b7c14ec6110fa820ca6b65f5aec85911

                SHA1

                608eeb7488042453c9ca40f7e1398fc1a270f3f4

                SHA256

                fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb

                SHA512

                d8d75760f29b1e27ac9430bc4f4ffcec39f1590be5aef2bfb5a535850302e067c288ef59cf3b2c5751009a22a6957733f9f80fa18f2b0d33d90c068a3f08f3b0

                Download Submit

              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite
                Filesize

                48KB

                MD5

                c56fa3a54814d8da6c9d683838b83743

                SHA1

                14794da32c645c23d228965ee5971816b7e2fd4c

                SHA256

                68bf3504d42a33446e6491c6e41dd279f7d751ed8d341ac6eb37df12c22bab50

                SHA512

                807782a26419ceac895f5e1c4651577375dbe9d0b0515f83f3eaa980a820d5e735bb9abec68fad3b107a80f738c199fc9e4ea822d00460be5693641f8c7e34b6

                Download Submit

              • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\B318F37E-49C8-4F61-B0F3-6FC2A76E39C9.jpeg
                Filesize

                69KB

                MD5

                8322dcc2cb5f294b6c59270de01dae81

                SHA1

                0f77ce9e64f13082d828b63b58437577fb7c6280

                SHA256

                82ac476d5bc09957d1c6a0a6cfd8e7a788da11eeb65be7b667db7ab99e64a1a5

                SHA512

                6395500d881b8b66ced83379c36ba5cde8ed4fa72dd1602f36593b804f006f73576ee7fce2bac1be8d849dd39215eb4ebfa017ea2bbc9f29c1afedce3f3d5999

                Download Submit

              • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\CC9FCD28-984A-4582-ADEB-929A010AE91B.png
                Filesize

                119KB

                MD5

                7086d95b3312b14015a260aa593177d3

                SHA1

                e38823e3e1ba2524ddab159158d5e265e857df51

                SHA256

                5ce261e7ab946eac69255d10e4da76cfc8e8e9c10271591466d26f31902ee3ef

                SHA512

                cbef452949efe963536907550c70479bc12ade533f33f784d8fb99c83a8bf54a20c2f11200980f305ac5c647f0801b0486a54f369db5095bdf5cdcf41f28bd61

                Download Submit

              • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LICENSE
                Filesize

                34KB

                MD5

                7a50a76de707f904df39e3d80de41969

                SHA1

                8b4ed888cc1ea1f1842f5366882ae20a43f410fd

                SHA256

                2019e44250eb5ba40a9cc8a958206d93be374e4e38846dd1eb6d881aa6158eac

                SHA512

                1e4656187e7a5c3c28f700cd903dcad8b4838f2dd8011face3b5a7e1120929b19ccf3b5c10cc7af97047b150d15a7514cda1b1efa748f2f799a85c0b9544579d

                Download Submit

              • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build.bat
                Filesize

                733B

                MD5

                1905cc9973206fea5050b737f9303fb4

                SHA1

                497524177d9478a4b5dca3e73cc230be6abf4ce0

                SHA256

                e2f5b93040d57de6251d16256bcd04aa8eb337bde87308e602f01070efd345fb

                SHA512

                95bae9406d01083f6fe6916ecf8e889afe20ff5863070f1787dc7a60d2d1d5af2cf3fd481a3c4fb531f16dd2cb7a685002aaac1dc907cf189c19c60f2816dd76

                Download Submit

              • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\DDDDDDD
                Filesize

                153KB

                MD5

                79f57bb3138e0e96ebde289a1af1ffe7

                SHA1

                5a45711d035d9979a1bbf0bc31fc45d952dedded

                SHA256

                2723e60391fde51e3d319dbb725cd5781c40f9641bf9ce53f27d95c2af2fad75

                SHA512

                e8fff7e28be32edf46abaee2598c2f2503e65a97bd9f9f4a180a9da1aed4010a596dfb9f5512b29d02c1a0424f638f310755d474c35347c47dc1c3c2db04861d

                Download Submit

              • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\DECRYPTION_ID.txt
                Filesize

                16B

                MD5

                b1cd07d8c346e344042066aee57ea45b

                SHA1

                1dd2a84bcf04a59c7d643c0852661e09a983630a

                SHA256

                47a9e1ce014c3ddeb3c19bbdfbe3671a5944f71313710ba2796e2ac058544322

                SHA512

                10fdb9478115a137535db230779adb7a1c80a9f78aa8934b1e23a71210a24e986a800371d0b9e1f693d095dc8b646ea77a67d144e172b362d8b27d406c3d0e37

                Download Submit

              • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe
                Filesize

                153KB

                MD5

                c73eac0c837c3c5caca3a885f46c17d9

                SHA1

                a0ca9511b40c9c2451986ce179016ec4014e9adb

                SHA256

                e609bf8406b61613f3e605d277cf445059974a4c71c3edd09fffae86a3c5dbfe

                SHA512

                157c92e561cd18876ab60faf8a3d8e62633e7750accb965e86f3202b0d5ff902d3ae51fb41592d9be22672e67a713291e469a09be57e6f77dd6343090324792a

                Download Submit

              • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe
                Filesize

                153KB

                MD5

                3d3c958c2106899715c40ceed1759b70

                SHA1

                de131ee1ad9ea255e5d9bcfa46a727cc6d841bfc

                SHA256

                52fd6940f6c21942360aac7d78b75724ff8c8d640cafcd432c6fba62d258d5f5

                SHA512

                3683acbac6384f719b9e69261eeb7c324b0090991fd9852aafc39f17b679c5c5133a6c8a09effc17e68e8bb2f1b740cd157226b5c293a935bc986c901a21d5b0

                Download Submit

              • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3Decryptor.exe
                Filesize

                54KB

                MD5

                d1c15784587717fe03448d0c4dc8dd5b

                SHA1

                f36ac101949a4fa8f604d561957fb9d3e1f73699

                SHA256

                4973313c1c003a27190fba0a43dda1be78891552c9fabaa0c65e0051965ceee7

                SHA512

                ef81b11962fb56a583c43ecdf0f8c66ef17850e85e56794b6c4ca328751609e4fe1fb1494e0e7315ff396510c467e440b74b62c105ce226f2fda49379d551a81

                Download Submit

              • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3_ReflectiveDll_DllMain.dll
                Filesize

                106KB

                MD5

                2ecc319574b76994e76c4f971c820362

                SHA1

                8f3d04cab7c6be2220860ec391d75ba2f8f17b33

                SHA256

                123797c18b044fb5aeba5dcccaf9ef1df0b7553413e9433876f1f94b8cd0584f

                SHA512

                39c63668d424ff9efa625a82312edf5a30f7ca3edd896bd6ef1857ced02e5462cf191af54b6e55388b844fa5e50f77e3a6ce5b5983f61eb57a45c4b2fbb3567e

                Download Submit

              • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3_Rundll32.dll
                Filesize

                152KB

                MD5

                a451f94bf71b55142e64d65dda361e3d

                SHA1

                79dbdba2019c0bb2859cf2886ad4ceaadf769311

                SHA256

                42a708a61e3bb54ac63748ac47bb96ded6e32bbe927a87c8e57094110293c325

                SHA512

                a5336d7a3345a562214f8081459937f4c9c17882aa614fa514eea6ec7e3afd416e943560a92ecfe88ecc281729c9e6eefe2300d087b1ee510aaef0d3ac343803

                Download Submit

              • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3_Rundll32_pass.dll
                Filesize

                148KB

                MD5

                1cf36fecacae95acaed46247090fd4b6

                SHA1

                4dcf048521b7c8fcba54d20f06be6ea60131bce1

                SHA256

                6eb4d985a52554d37c0efec1457258e4dfd4619ff0396c66e2f9a02d8381ce57

                SHA512

                7b6c660245ed236a12e4c7e36e30283b5d2736de2d419da60d4ab584016de24dd40f7c4d407c5a4cee3c1995d136a775f72ed2ca16c911d75a2c9c2f4b57a99c

                Download Submit

              • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3_pass.exe
                Filesize

                149KB

                MD5

                4f6c3752e20422203d1bd00acb082ba5

                SHA1

                2d648879014bf464bf3ed640642c9f7665115ad4

                SHA256

                500eeeb1927f1fb9304a2167d6ea7e318d242da0c68e03f3ec60d704acfa0add

                SHA512

                310c78b0057ec044ce14eb4242729f958f4de2d3cb8cc8f8052d8b6ead5ff692a870ec027204dffb3fe3951e6c8bc5b59d6a21046c66643e7d14ac3a88c31271

                Download Submit

              • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\Password_dll.txt
                Filesize

                1KB

                MD5

                cd73e5da7534c1cc75358e77bced80ba

                SHA1

                684301a030de00bf594f32dbc58e6caed663ecd5

                SHA256

                dd27eb7a55e7ef44d9d2e0cb92108637c8248d58532c22d59e8057e7da111580

                SHA512

                fb747890e36a0e9144bb23917118d6b14cd5ea20434d3f241ceb1de8a21c92539d9cac07bac8d17ae69bae754f941f9326203c06e95d86d7cf20a542af0f060e

                Download Submit

              • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\Password_exe.txt
                Filesize

                2KB

                MD5

                68c7c951ecfca7322e1ecb486f42883e

                SHA1

                882b636e399f6566b98a20923ad8cfc166bab2c1

                SHA256

                706453b2bafdb0f723b55100d5034621f8a3b61822aad5a7bf875b6113017c74

                SHA512

                3135ccc918dbd9ea08432d2b92bf272716b039d3ca9b4b94a32e4774f41cdb148e347fbc89f3d1285a2fe7389585e13790fd226d9adf9eadc69ceeac931cdd65

                Download Submit

              • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\priv.key
                Filesize

                344B

                MD5

                95dc3cc7a5702f8c2b7504f14a8d465f

                SHA1

                9a48c88b07ab58cb624bb0f9bc916865f0020f1d

                SHA256

                f89e7aafae18b96cbf6549ef855d2b8c0e48e694bdce8580f4b45781bd2d5f39

                SHA512

                e85cb3af3c68cbe65256571aefc481228d3f558723911b35fc63bb4f9f0946f0c179b3df4f0e908d81324d2a7ebbc2b6aaf20bbad9383093b7f8d0db8be8b5c6

                Download Submit

              • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\priv.key
                Filesize

                344B

                MD5

                5c921d5218cded9ed1191cdc4ed97d7d

                SHA1

                eab783164203bd30ecd2f3420f028dd4e848025a

                SHA256

                b1d546da15b30f5552430eb895ea046ef6418cad31e066dc595d6a22f95be145

                SHA512

                12fb30c755dbc04c9f2a95e5d3dd50818306aab6ae4eba4a2483fb58b637a6a0d93bed3f0169fd23b8589d39562e5a9c0c4f5f77187e3359ad65975e6d80767a

                Download Submit

              • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\pub.key
                Filesize

                344B

                MD5

                ba85a0b00c8a2cfeba6d94816855dad7

                SHA1

                0afdfad7a392faf24c070888104acbfb4643e3a6

                SHA256

                91ec37166dd39d7d443a47365a3d83b330aeff5ba0cfefc6c5b64abf793dc16f

                SHA512

                6c3a3404d3dc1dcb321d61cdc8bb0c55adfb3641ec32c9744ded3841b73fe01e29cdb5df6023717cb9af5d793883ae3eb309b893ca3340141f2c359be227df81

                Download Submit

              • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\pub.key
                Filesize

                344B

                MD5

                875e12a5ff06453da1bf6e9b0ebaacc3

                SHA1

                d21e086adafa13fe0518ad64a5e266f2cf07f154

                SHA256

                0311e83b7c236a9c20a542b820c21c0f93191dffb27d9c73c72ebef69a4d1d6d

                SHA512

                4d21aa6875208e5af1865e0376e4a02a0d419e182af8872fa76414f34b5a9317ab39897b45d1052cdc5238944733a5db59398be9a1dc0218e50b06c87f453934

                Download Submit

              • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\builder.exe
                Filesize

                469KB

                MD5

                c2bc344f6dde0573ea9acdfb6698bf4c

                SHA1

                d6ae7dc2462c8c35c4a074b0a62f07cfef873c77

                SHA256

                a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db

                SHA512

                d60cf86c0267cd4e88d21768665bbb43f3048dace1e0013b2361c5bfabf2656ff6215dfb75b6932e09545473305b4f707c069721cdde317b1df1709cd9fc61c0

                Download Submit

              • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\config.json
                Filesize

                8KB

                MD5

                12d844f76f1b59029eb6dd618d74c537

                SHA1

                7f971c7abb62a16c42b07ad8ce6601f0ffe3bb8d

                SHA256

                af3f8aa4a82e548a4e0c3fbeec1f8199d540177c5ccdcc70b18325e736564d73

                SHA512

                df6359a3551f32c9f06a2073de46c88366b5d4506fe59d9eda8e25d32de4ffe1be344e03f87c70d294c63f7a2a86fb052e26b10a09850a96515c228df8f2301a

                Download Submit

              • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\keygen.exe
                Filesize

                31KB

                MD5

                71c3b2f765b04d0b7ea0328f6ce0c4e2

                SHA1

                bf8ecb6519f16a4838ceb0a49097bcc3ef30f3c4

                SHA256

                ea6d4dedd8c85e4a6bb60408a0dc1d56def1f4ad4f069c730dc5431b1c23da37

                SHA512

                1923db134d7cee25389a07e4d48894dde7ee8f70d008cd890dd34a03b2741a54ec1555e6821755e5af8eae377ef5005e3f9afceb4681059bc1880276e9bcf035

                Download Submit

              • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\DECRYPTION_ID.txt
                Filesize

                265B

                MD5

                16b246c332462f346104d9cb7993e2fc

                SHA1

                a1c90157a2947ea44fa61136f4bdd2383762f484

                SHA256

                819fb44b79b9d0fd1ebbdfbdbd11a6e914443fd3b165c379668722da4fab1fb6

                SHA512

                faafb915e4fb37a29471be5c86f81bf4bfcd66d12741e9d60ca738411af7c779129f49a69a518e3634aedb1a570776ad21d21f4d22c9ecb0d86a9baaeafe3bb2

                Download Submit

              • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\Password_dll.txt
                Filesize

                2KB

                MD5

                45edd11b2a1a7c1d20fea347e1e39cfa

                SHA1

                baede0d4289dc4d1fda78ebe5de0ae148b0bbb5a

                SHA256

                045acaeaa20eb67653d2ce844f22978a5f8a03a713e6706a50c5417ef09294ec

                SHA512

                cbf3bf0066ff59a5714c31c01dc03df987fb8f904ab3bb0395323b33e14354ec1a8a715b470cfda5402fe0ae2d67af3280ede3a11b0e6d978268df8955b59bce

                Download Submit

              • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\Password_exe.txt
                Filesize

                2KB

                MD5

                d1190dba7b884c4067b70935b6f87400

                SHA1

                a552564366fb1665942c690137f24b421959b07d

                SHA256

                a6f1fe0cc1bbcdec3030c70ecf3178fb463dae324ca6f2a8ab12486197069809

                SHA512

                cbec94a6e982b5815bc5dd71816258064cd771168733a55674923357410a3dd92ebac416baf6197183641d7642380b61f3cb2f849e4fa81f0012bf35a9db28b0

                Download Submit

              • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\config.json
                Filesize

                8KB

                MD5

                e7668258531777020a31e4de7c3fa9cd

                SHA1

                03d59ccdb5b2e372a40f22b13c1749fa9cca922b

                SHA256

                0a2c2ade842c066bbad0906109653e6b128b2b45490894ba944756658c687256

                SHA512

                559385ffa36d9168c6fb3cfe86437c364a1c04178e82bb981a3c8fec45a2db356df4c3a772e8c50ac49d2f6aa8b6f3bf753e76132f442e150d32bf6d57f3f775

                Download Submit

              • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\README.md
                Filesize

                1KB

                MD5

                de2fc436c090904a60e3bc594c9ebc4d

                SHA1

                afd4a7cd0c0593f450a8a4a58ce9d60db0298154

                SHA256

                35af2170638669384a4b9608571a4695445a1e9132a499a202f83e0e74831c2d

                SHA512

                5dc5567d63297801c4d8132f64746e651b0d10c2b55b7d7c0219e288422cb05ab71a8ab802cc60ee2adca904572d3c2b4c634eae8d13fc435c1b48ed22f290cf

                Download Submit

              • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\Screenshot_20220921-210605_Samsung Internet.jpg
                Filesize

                193KB

                MD5

                ca22983598722c7adace441d98beff01

                SHA1

                203a2894d27918dfae9a522d363b4ed7b5e1e1b0

                SHA256

                067a9b4333f96f9536294cbfdc5e5eb52663224b23faf57d37ea48e37e4ed349

                SHA512

                693cfc5fd13341bdfea90aa2b36226e5b6779eecccd49ccf94d565c96be9e2cc43ce1c9460cf4dbcfacd1328845bd12a238cacaf020bef1141cf4b6fb47a75a0

                Download Submit

              • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\Screenshot_20220921-210644_Samsung Internet.jpg
                Filesize

                198KB

                MD5

                472121f216a253c023757d3ff77fd70b

                SHA1

                8ddc9a8fc14d6433b46a6b1459c0095e165150b5

                SHA256

                84476dd41966d3c322d8656bac81b39314a47761480855bfb0d9bd4ba7a1594c

                SHA512

                dbb60b53654f95dd7e7d052b5f930e3ab782b5f2dace35d9fde0226a1d2896125baf81fb35221a98f627ba352c8eff3edd737b1ca0e79a13ed78f848f0cd83fa

                Download Submit

              • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\Screenshot_20220921-210706_Samsung Internet.jpg
                Filesize

                113KB

                MD5

                8d8d2990615965213d5cdcbacddfa196

                SHA1

                e603b82b7352a07d0d216e1d1beaf2b8aceb9cc1

                SHA256

                7e11eec011244ee5340943d63733aaa1e2b23c09df1f1f56c5c635d257e84d79

                SHA512

                1ec0ac2a526b4b13a26acb27ce570f9970d650cd41a77aba75f2ba34e200b02efcc18324d050001f96f41a6b8a4ac87d1db03b9b8ac569fcb00f01588b1f8c7c

                Download Submit

              • C:\Users\Admin\Desktop\LockBit-Black-Builder-main\Screenshot_20220921-211415_Twitter.jpg
                Filesize

                282KB

                MD5

                b26d3cc24506feca26dbfae9d1596fff

                SHA1

                4a4db11db35c30f98c8ff0fd1c798a2260d68909

                SHA256

                ba70a1f47bcf6fd31e9af2c614c9d5fc12078ea9df8194137e36694ed505a3ef

                SHA512

                86182f37ad5c99dc82aafb0843c564532262073f04f03101cfc5dbc7f20072b6794a93ccd145e28fe8734948ac4532444bfacf3d2792e062a6a0a09ded12110a

                Download Submit

              • C:\Users\Admin\Documents\OneNote Notebooks\My Notebook\Open Notebook.onetoc2
                Filesize

                4KB

                MD5

                2ff21407b71a897c494f985c480df894

                SHA1

                26733d2753d63e997ec76c9e74186f09bf506e13

                SHA256

                db228bb5739580ad76f33a95608af05cad0f76fdb18b221210e8918108001577

                SHA512

                c2e2dc751e5ed73c9f421a6a9d87724e17be11e782d7e89706944fcff3b29dfd40515c3f3aea23cabdccba0fd5be2bbe92146c5987487a50dd7c7508a53adaff

                Download Submit

              • C:\eo9QMbQjw.README.txt
                Filesize

                6KB

                MD5

                b87473f20dc20eca4348504cfa031fcb

                SHA1

                1d277b2a1b028b74998441dcf1511d8f75a94501

                SHA256

                e7620d39069209be0cef96b18ac56fa756041973199defa037f6e939df125d30

                SHA512

                e97692b4b9710f221313fc08b17bc5587cc2507a1dcef3304510aff0afb17d973399b097e9bae7c03076d771953666c640018d8f6eb119d8fac0a6d59a1730a7

                Download Submit

              • F:\$RECYCLE.BIN\S-1-5-21-2410826464-2353372766-2364966905-1000\DDDDDDDDDDD
                Filesize

                129B

                MD5

                bb158a59e89ff6a30441c97d8aa09adf

                SHA1

                645cf08c0f975dca3525987e677ece1b9119b13a

                SHA256

                a00a8d8d0c44e20d5db4cc708cd37849472b882f1acaf16fb7fd7cf5d7eaf9a6

                SHA512

                a9622680849eb61d813e6580d70cb27421af7ff1a7c5c0da23ea70aadcff5a224218c38c59a680bcc45778a0946a96722af2b001d2a61ce8e80761e111eeab48

                Download Submit

              • memory/2804-2984-0x00007FFEE5A50000-0x00007FFEE5A60000-memory.dmp

                Filesize

                64KB

                Download

              • memory/2804-3051-0x00007FFEE5A50000-0x00007FFEE5A60000-memory.dmp

                Filesize

                64KB

                Download

              • memory/2804-3050-0x00007FFEE5A50000-0x00007FFEE5A60000-memory.dmp

                Filesize

                64KB

                Download

              • memory/2804-3049-0x00007FFEE5A50000-0x00007FFEE5A60000-memory.dmp

                Filesize

                64KB

                Download

              • memory/2804-2983-0x00007FFEE5A50000-0x00007FFEE5A60000-memory.dmp

                Filesize

                64KB

                Download

              • memory/2804-2982-0x00007FFEE5A50000-0x00007FFEE5A60000-memory.dmp

                Filesize

                64KB

                Download

              • memory/2804-2980-0x00007FFEE5A50000-0x00007FFEE5A60000-memory.dmp

                Filesize

                64KB

                Download

              • memory/2804-3014-0x00007FFEE3090000-0x00007FFEE30A0000-memory.dmp

                Filesize

                64KB

                Download

              • memory/2804-3013-0x00007FFEE3090000-0x00007FFEE30A0000-memory.dmp

                Filesize

                64KB

                Download

              • memory/2804-3052-0x00007FFEE5A50000-0x00007FFEE5A60000-memory.dmp

                Filesize

                64KB

                Download

              • memory/2804-2981-0x00007FFEE5A50000-0x00007FFEE5A60000-memory.dmp

                Filesize

                64KB

                Download

              • memory/4204-3630-0x0000000000400000-0x0000000000429000-memory.dmp

                Filesize

                164KB

                Download

              • memory/4204-3631-0x0000000000400000-0x0000000000429000-memory.dmp

                Filesize

                164KB

                Download