blackmatter | 34ae59b7acc09c2e82625640cae82c5158b649db1418ddbaa24138b51f1722c5

Analysis

max time kernel
439s
max time network
440s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
26-11-2024 18:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LockBit-Black-Builder-main.zip
Size

2.6MB
MD5

a5fbe0c5d0b5abd4dd0cb3bf69f3be6b
SHA1

fcc36b7c657a9187572ad3f527992b33c560f2e3
SHA256

34ae59b7acc09c2e82625640cae82c5158b649db1418ddbaa24138b51f1722c5
SHA512

a10b15c4368bbb836643d534a2c732c794bdac1034ca7c088ebd7c5333969763eea5be30977e6dd6b039e051e4b36acfef6fbb5129009d5bfd1eb75d706c7cdb
SSDEEP

49152:RXO172+O52uX9HaMAvqjw+6vfdTZseFqnC/6qZoAws4vxF8:Rp+OEuwy6ZDX/6woAws45C

Score

10^/10

blackmatter lockbit defense_evasion discovery ransomware spyware stealer

Malware Config

Extracted

Family

blackmatter

Version

25.239

Extracted

Path

C:\Users\39rw8rOkT.README.txt

Family

lockbit

Ransom Note

~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~ >>>> Your data are stolen and encrypted The data will be published on TOR website if you do not pay the ransom Links for Tor Browser: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion Links for the normal browser http://lockbitapt.uz http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly >>>> What guarantees that we will not deceive you? We are not a politically motivated group and we do not need anything other than your money. If you pay, we will provide you the programs for decryption and we will delete your data. Life is too short to be sad. Be not sad, money, it is only paper. If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. Therefore to us our reputation is very important. We attack the companies worldwide and there is no dissatisfied victim after payment. You can obtain information about us on twitter https://twitter.com/hashtag/lockbit?f=live >>>> You need contact us and decrypt one file for free on these TOR sites with your personal DECRYPTION ID Download and install TOR Browser https://www.torproject.org/ Write to a chat and wait for the answer, we will always answer you. Sometimes you will need to wait for our answer because we attack many companies. Links for Tor Browser: http://lockbitsupt7nr3fa6e7xyb73lk6bw6rcneqhoyblniiabj4uwvzapqd.onion http://lockbitsupuhswh4izvoucoxsbnotkmgq6durg7kficg6u33zfvq3oyd.onion http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion Link for the normal browser http://lockbitsupp.uz If you do not get an answer in the chat room for a long time, the site does not work and in any other emergency, you can contact us in jabber or tox. Tox ID LockBitSupp: 3085B89A0C515D2FB124D645906F5D3DA5CB97CEBEA975959AE4F95302A04E1D709C3C4AE9B7 XMPP (Jabber) Support: [email protected] [email protected] >>>> Your personal DECRYPTION ID: FD5CF507643308917D89CDF35D9C1B1A >>>> Warning! Do not DELETE or MODIFY any files, it can lead to recovery problems! >>>> Warning! If you do not pay the ransom we will attack your company repeatedly again! >>>> Advertisement Would you like to earn millions of dollars $$$ ? Our company acquire access to networks of various companies, as well as insider information that can help you steal the most valuable data of any company. You can provide us accounting data for the access to any company, for example, login and password to RDP, VPN, corporate email, etc. Open our letter at your email. Launch the provided virus on any computer in your company. You can do it both using your work computer or the computer of any other employee in order to divert suspicion of being in collusion with us. Companies pay us the foreclosure for the decryption of files and prevention of data leak. You can contact us using Tox messenger without registration and SMS https://tox.chat/download.html. Using Tox messenger, we will never know your real name, it means your privacy is guaranteed. If you want to contact us, write in jabber or tox. Tox ID LockBitSupp: 3085B89A0C515D2FB124D645906F5D3DA5CB97CEBEA975959AE4F95302A04E1D709C3C4AE9B7 XMPP (Jabber) Support: [email protected] [email protected] If this contact is expired, and we do not respond you, look for the relevant contact data on our website via Tor or Brave browser Links for Tor Browser: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion Links for the normal browser http://lockbitapt.uz http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly

Emails

[email protected]

URLs

http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion

http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion

http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion

http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion

http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion

http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion

http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion

http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion

http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion

http://lockbitapt.uz

http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly

http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly

http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly

http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly

http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly

http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly

http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly

http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly

http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly

https://twitter.com/hashtag/lockbit?f=live

Signatures

BlackMatter Ransomware
BlackMatter ransomware group claims to be Darkside and REvil succesor.
ransomware blackmatter
Blackmatter family
blackmatter
Lockbit
Ransomware family with multiple variants released since late 2019.
ransomware lockbit
Lockbit family
lockbit

Rule to detect Lockbit 3.0 ransomware Windows payload 5 IoCs

Processes:

resource	yara_rule
behavioral2/files/0x0016000000023c3a-83.dat	family_lockbit
behavioral2/files/0x0008000000023c40-80.dat	family_lockbit
behavioral2/files/0x0008000000023c22-78.dat	family_lockbit
behavioral2/files/0x0008000000023c53-96.dat	family_lockbit
behavioral2/files/0x0003000000023398-113.dat	family_lockbit

Renames multiple (663) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

C33C.tmp

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation	C33C.tmp

Executes dropped EXE 10 IoCs

Processes:

keygen.exebuilder.exebuilder.exebuilder.exebuilder.exebuilder.exebuilder.exeLB3.exeC33C.tmpLB3Decryptor.exe

pid	Process
1644	keygen.exe
2988	builder.exe
4780	builder.exe
4048	builder.exe
4340	builder.exe
816	builder.exe
3676	builder.exe
4248	LB3.exe
4796	C33C.tmp
3936	LB3Decryptor.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Drops desktop.ini file(s) 2 IoCs

Processes:

LB3.exe

description	ioc	Process
File opened for modification	C:\$Recycle.Bin\S-1-5-21-3350944739-639801879-157714471-1000\desktop.ini	LB3.exe
File opened for modification	F:\$RECYCLE.BIN\S-1-5-21-3350944739-639801879-157714471-1000\desktop.ini	LB3.exe

Indicator Removal: File Deletion 1 TTPs
Adversaries may delete files left behind by the actions of their intrusion activity.
defense_evasion

File Deletion
T1070.004

Drops file in System32 directory 4 IoCs

Processes:

printfilterpipelinesvc.exesplwow64.exe

description	ioc	Process
File created	C:\Windows\system32\spool\PRINTERS\PPz83w04uip0vhgh0qrb0o9k6ee.TMP	printfilterpipelinesvc.exe
File created	C:\Windows\system32\spool\PRINTERS\PPjq67czq15oa9gv9bdejtumbu.TMP	printfilterpipelinesvc.exe
File created	C:\Windows\system32\spool\PRINTERS\00002.SPL	splwow64.exe
File created	C:\Windows\system32\spool\PRINTERS\PPlgsx0r6inyr655sy2sul7c8d.TMP	printfilterpipelinesvc.exe

Sets desktop wallpaper using registry 2 TTPs 3 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

LB3.exeLB3Decryptor.exe

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\Desktop\WallPaper = "C:\\ProgramData\\39rw8rOkT.bmp"	LB3.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\Desktop\Wallpaper = "C:\\ProgramData\\39rw8rOkT.bmp"	LB3.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\Desktop\WallPaper	LB3Decryptor.exe

System Location Discovery: System Language Discovery 1 TTPs 11 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

LB3.exeC33C.tmpkeygen.exebuilder.exebuilder.exebuilder.exebuilder.exebuilder.exeLB3Decryptor.exebuilder.execmd.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LB3.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	C33C.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	keygen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LB3Decryptor.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

ONENOTE.EXE

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	ONENOTE.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	ONENOTE.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	ONENOTE.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

ONENOTE.EXE

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	ONENOTE.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	ONENOTE.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	ONENOTE.EXE

Modifies Control Panel 3 IoCs

evasion

Processes:

LB3.exeLB3Decryptor.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\Desktop	LB3.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\Desktop\WallpaperStyle = "10"	LB3.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\Desktop	LB3Decryptor.exe

Modifies registry class 9 IoCs

Processes:

LB3.exeOpenWith.exeLB3Decryptor.exe

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\39rw8rOkT\DefaultIcon	LB3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\39rw8rOkT	LB3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\39rw8rOkT\DefaultIcon\ = "C:\\ProgramData\\39rw8rOkT.ico"	LB3.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings	OpenWith.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\39RW8ROKT\DEFAULTICON	LB3Decryptor.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\.39rw8rOkT	LB3Decryptor.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.39rw8rOkT	LB3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.39rw8rOkT\ = "39rw8rOkT"	LB3.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\39rw8rOkT	LB3Decryptor.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

Processes:

ONENOTE.EXE

pid	Process
2928	ONENOTE.EXE
2928	ONENOTE.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

LB3.exe

pid	Process
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe
4248	LB3.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

7zFM.exe

pid	Process
3352	7zFM.exe

Suspicious behavior: RenamesItself 2 IoCs

Processes:

LB3.exeLB3Decryptor.exe

pid	Process
4248	LB3.exe
3936	LB3Decryptor.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

7zFM.exeLB3.exe

description	pid	Process
Token: SeRestorePrivilege	3352	7zFM.exe
Token: 35	3352	7zFM.exe
Token: SeSecurityPrivilege	3352	7zFM.exe
Token: SeAssignPrimaryTokenPrivilege	4248	LB3.exe
Token: SeBackupPrivilege	4248	LB3.exe
Token: SeDebugPrivilege	4248	LB3.exe
Token: 36	4248	LB3.exe
Token: SeImpersonatePrivilege	4248	LB3.exe
Token: SeIncBasePriorityPrivilege	4248	LB3.exe
Token: SeIncreaseQuotaPrivilege	4248	LB3.exe
Token: 33	4248	LB3.exe
Token: SeManageVolumePrivilege	4248	LB3.exe
Token: SeProfSingleProcessPrivilege	4248	LB3.exe
Token: SeRestorePrivilege	4248	LB3.exe
Token: SeSecurityPrivilege	4248	LB3.exe
Token: SeSystemProfilePrivilege	4248	LB3.exe
Token: SeTakeOwnershipPrivilege	4248	LB3.exe
Token: SeShutdownPrivilege	4248	LB3.exe
Token: SeDebugPrivilege	4248	LB3.exe
Token: SeBackupPrivilege	4248	LB3.exe
Token: SeBackupPrivilege	4248	LB3.exe
Token: SeSecurityPrivilege	4248	LB3.exe
Token: SeSecurityPrivilege	4248	LB3.exe
Token: SeBackupPrivilege	4248	LB3.exe
Token: SeBackupPrivilege	4248	LB3.exe
Token: SeSecurityPrivilege	4248	LB3.exe
Token: SeSecurityPrivilege	4248	LB3.exe
Token: SeBackupPrivilege	4248	LB3.exe
Token: SeBackupPrivilege	4248	LB3.exe
Token: SeSecurityPrivilege	4248	LB3.exe
Token: SeSecurityPrivilege	4248	LB3.exe
Token: SeBackupPrivilege	4248	LB3.exe
Token: SeBackupPrivilege	4248	LB3.exe
Token: SeSecurityPrivilege	4248	LB3.exe
Token: SeSecurityPrivilege	4248	LB3.exe
Token: SeBackupPrivilege	4248	LB3.exe
Token: SeBackupPrivilege	4248	LB3.exe
Token: SeSecurityPrivilege	4248	LB3.exe
Token: SeSecurityPrivilege	4248	LB3.exe
Token: SeBackupPrivilege	4248	LB3.exe
Token: SeBackupPrivilege	4248	LB3.exe
Token: SeSecurityPrivilege	4248	LB3.exe
Token: SeSecurityPrivilege	4248	LB3.exe
Token: SeBackupPrivilege	4248	LB3.exe
Token: SeBackupPrivilege	4248	LB3.exe
Token: SeSecurityPrivilege	4248	LB3.exe
Token: SeSecurityPrivilege	4248	LB3.exe
Token: SeBackupPrivilege	4248	LB3.exe
Token: SeBackupPrivilege	4248	LB3.exe
Token: SeSecurityPrivilege	4248	LB3.exe
Token: SeSecurityPrivilege	4248	LB3.exe
Token: SeBackupPrivilege	4248	LB3.exe
Token: SeBackupPrivilege	4248	LB3.exe
Token: SeSecurityPrivilege	4248	LB3.exe
Token: SeSecurityPrivilege	4248	LB3.exe
Token: SeBackupPrivilege	4248	LB3.exe
Token: SeBackupPrivilege	4248	LB3.exe
Token: SeSecurityPrivilege	4248	LB3.exe
Token: SeSecurityPrivilege	4248	LB3.exe
Token: SeBackupPrivilege	4248	LB3.exe
Token: SeBackupPrivilege	4248	LB3.exe
Token: SeSecurityPrivilege	4248	LB3.exe
Token: SeSecurityPrivilege	4248	LB3.exe
Token: SeBackupPrivilege	4248	LB3.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

7zFM.exe

pid	Process
3352	7zFM.exe
3352	7zFM.exe

Suspicious use of SetWindowsHookEx 17 IoCs

Processes:

ONENOTE.EXEOpenWith.exeLB3Decryptor.exe

pid	Process
2928	ONENOTE.EXE
2928	ONENOTE.EXE
2928	ONENOTE.EXE
2928	ONENOTE.EXE
2928	ONENOTE.EXE
2928	ONENOTE.EXE
2928	ONENOTE.EXE
2928	ONENOTE.EXE
2928	ONENOTE.EXE
2928	ONENOTE.EXE
2928	ONENOTE.EXE
2928	ONENOTE.EXE
2928	ONENOTE.EXE
2928	ONENOTE.EXE
2928	ONENOTE.EXE
3224	OpenWith.exe
3936	LB3Decryptor.exe

Suspicious use of WriteProcessMemory 29 IoCs

Processes:

cmd.exeLB3.exeprintfilterpipelinesvc.exe

description	pid	Process	procid_target
PID 3488 wrote to memory of 1644	3488	cmd.exe	107
PID 3488 wrote to memory of 1644	3488	cmd.exe	107
PID 3488 wrote to memory of 1644	3488	cmd.exe	107
PID 3488 wrote to memory of 2988	3488	cmd.exe	108
PID 3488 wrote to memory of 2988	3488	cmd.exe	108
PID 3488 wrote to memory of 2988	3488	cmd.exe	108
PID 3488 wrote to memory of 4780	3488	cmd.exe	109
PID 3488 wrote to memory of 4780	3488	cmd.exe	109
PID 3488 wrote to memory of 4780	3488	cmd.exe	109
PID 3488 wrote to memory of 4048	3488	cmd.exe	110
PID 3488 wrote to memory of 4048	3488	cmd.exe	110
PID 3488 wrote to memory of 4048	3488	cmd.exe	110
PID 3488 wrote to memory of 4340	3488	cmd.exe	111
PID 3488 wrote to memory of 4340	3488	cmd.exe	111
PID 3488 wrote to memory of 4340	3488	cmd.exe	111
PID 3488 wrote to memory of 816	3488	cmd.exe	112
PID 3488 wrote to memory of 816	3488	cmd.exe	112
PID 3488 wrote to memory of 816	3488	cmd.exe	112
PID 3488 wrote to memory of 3676	3488	cmd.exe	113
PID 3488 wrote to memory of 3676	3488	cmd.exe	113
PID 3488 wrote to memory of 3676	3488	cmd.exe	113
PID 4248 wrote to memory of 3980	4248	LB3.exe	118
PID 4248 wrote to memory of 3980	4248	LB3.exe	118
PID 2988 wrote to memory of 2928	2988	printfilterpipelinesvc.exe	122
PID 2988 wrote to memory of 2928	2988	printfilterpipelinesvc.exe	122
PID 4248 wrote to memory of 4796	4248	LB3.exe	124
PID 4248 wrote to memory of 4796	4248	LB3.exe	124
PID 4248 wrote to memory of 4796	4248	LB3.exe	124
PID 4248 wrote to memory of 4796	4248	LB3.exe	124

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3352

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4044

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build.bat" "
1⤵
- Suspicious use of WriteProcessMemory
PID:3488
- C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\keygen.exe
  keygen -path C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build -pubkey pub.key -privkey priv.key
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1644
- C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\builder.exe
  builder -type dec -privkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\priv.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3Decryptor.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2988
- C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\builder.exe
  builder -type enc -exe -pubkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4780
- C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\builder.exe
  builder -type enc -exe -pass -pubkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3_pass.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4048
- C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\builder.exe
  builder -type enc -dll -pubkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3_Rundll32.dll
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4340
- C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\builder.exe
  builder -type enc -dll -pass -pubkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3_Rundll32_pass.dll
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:816
- C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\builder.exe
  builder -type enc -ref -pubkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3_ReflectiveDll_DllMain.dll
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3676

C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe
"C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe"
1⤵
- Executes dropped EXE
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
- Modifies Control Panel
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: RenamesItself
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4248
- C:\Windows\splwow64.exe
  C:\Windows\splwow64.exe 12288
  2⤵
  - Drops file in System32 directory
  PID:3980
- C:\ProgramData\C33C.tmp
  "C:\ProgramData\C33C.tmp"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4796
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\C33C.tmp >> NUL
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4500

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:4432

C:\Windows\system32\printfilterpipelinesvc.exe
C:\Windows\system32\printfilterpipelinesvc.exe -Embedding
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2988
- C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
  /insertdoc "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\{12FF6261-C001-489C-BEB8-0D6F67ECCCC8}.xps" 133771183289160000
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
  PID:2928

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3224

C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3Decryptor.exe
"C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3Decryptor.exe"
1⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
- Modifies Control Panel
- Modifies registry class
- Suspicious behavior: RenamesItself
- Suspicious use of SetWindowsHookEx
PID:3936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3350944739-639801879-157714471-1000\desktop.ini

Filesize
129B

MD5
ce5cb5a9fb2217f413eb3457df045f69

SHA1
79251087c9b93d03a164c9a553032eda84365b11

SHA256
78269cc703c8fdd0d1de3ca6561239da825ac73de235efd12ad7465ece7fd02b

SHA512
b2cf47317af25fff446fb4f477840caaec142893be3197d1531a758ad977dd61f3e301dba5dfd9deb9b84b70e1be40245360a511e36008857b01510d5b089aec

Download Submit
C:\Users\39rw8rOkT.README.txt

Filesize
6KB

MD5
7a01fa5b8b6633c141763bf236f43623

SHA1
a8f88ad57233b37605e2d7aa123739d9f057c4ef

SHA256
76cdc66179c5972dafe17b337005f3e0ff3c60419fe0dc73b129c65cefafeb3d

SHA512
f1608a22805d761d7916af06eec874e9a536d0f7cf4d2596a3f1f5594ce18c02ad5aefb7ff345869baa2687374a784c7976bad05c3392727bbaefb9c5d7d9ad3

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1

Filesize
264KB

MD5
e8e0483c1fb791eb9451839273cee4ac

SHA1
05ee3c57d07a548b95fd3005c2e7ff5fcbe9067a

SHA256
fcdded4b86c9dbfe1cf537d6aa7d185e994d1b2d92a3132262c15d8da662eab2

SHA512
95e378a48fa52e787ad9a58c4261ce81f5320c64e109585601315c207fa3c390b7fffc6d394173daba74622c21f685f3af8cf8e2f46fe5edbda8dd9d3934e5cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Comms\UnistoreDB\USSres00001.jrs

Filesize
3.0MB

MD5
d1dd210d6b1312cb342b56d02bd5e651

SHA1
1e5f8def40bb0cb0f7156b9c2bab9efb49cfb699

SHA256
bbd05cf6097ac9b1f89ea29d2542c1b7b67ee46848393895f5a9e43fa1f621e5

SHA512
37a33d86aa47380aa21b17b41dfc8d04f464de7e71820900397436d0916e91b353f184cefe0ad16ae7902f0128aae786d78f14b58beee0c46d583cf1bfd557b8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\42vejdix.default-release\cache2\entries\DED23BB33EA3C88FAD1C0A1CD53916E0D8C424D3

Filesize
16KB

MD5
f5fc79bb3cbf854f9a5169170478714d

SHA1
f5748e2e1825f8196fc1c6f78435ff85460ed5a0

SHA256
ed8e92ae9653f534ae6f26672d9a02871837e1dfed899a707191ce0a6dd84eaf

SHA512
2099bf934c8ac27f0ee35e697d37c9015f2a1428dc8e4fffbf51925501220c7796203a158c267dfca3c07a04e9c0c8201d71d1c8cd71a1ce9185dc72e700f3c5

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{30BD9A02-CB9A-93FD-A859-09C8803F2346}

Filesize
36KB

MD5
8ab0ccfe101f2a223bf9fc11f910ec64

SHA1
86a7cf51b399bb786896fb77f59ee8b4844f5afe

SHA256
8cc15be591c4f70f964d3554be30283f925747d09eb71692bf40b8125e2bb68a

SHA512
b862068ea8bdb828186c2bc693b1e99d622a48a82eea13886090c44e17d132ad1a96bae4a96214d9a8abeb22f7c85f4ef25a000cc1bf977fd43e67bf1064a61e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{A5E73466-E220-8EF4-B956-A582187356D9}

Filesize
36KB

MD5
8aaad0f4eb7d3c65f81c6e6b496ba889

SHA1
231237a501b9433c292991e4ec200b25c1589050

SHA256
813c66ce7dec4cff9c55fb6f809eab909421e37f69ff30e4acaa502365a32bd1

SHA512
1a83ce732dc47853bf6e8f4249054f41b0dea8505cda73433b37dfa16114f27bfed3b4b3ba580aa9d53c3dcc8d48bf571a45f7c0468e6a0f2a227a7e59e17d62

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{C804BBA7-FA5F-CBF7-8B55-2096E5F972CB}

Filesize
36KB

MD5
9f1ff11e31c55a87372e85612ca3c290

SHA1
c94dc58d7e8f070d3eeff5bc8ecb3a2d7008323d

SHA256
0c650065d284a6a0f6a17ce2250214b40219b7082e940689a2cd2948162fd893

SHA512
dd490e167b4455aace73dda6d9ec6b90aee5e5994701c249a44d316b17c3f8a8f5e776e9ecb6d751dfbed8e74743a3f13d95edbbf3b09998e148bfcba1ef721f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_MdSched_exe

Filesize
36KB

MD5
2bd136eb4cb4539c66599b66221dbbba

SHA1
22532c9b312cce5d6e593955b795cb2ba2857124

SHA256
aec7c44a6c41813e7a0df059f38d60c3a4fbe51683d3f9d17e8daf67c0a5c8e6

SHA512
22ef6a2565c30912f65e7b6f5e53981d514f3881e457dd7761bb4e7e286f22bba5e3ce6d0a2f7c02971d801a4e999e0d6ca4aa6b7bb935249cc947e2b3d2766a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_comexp_msc

Filesize
36KB

MD5
eab75a01498a0489b0c35e8b7d0036e5

SHA1
fd80fe2630e0443d1a1cef2bdb21257f3a162f86

SHA256
fdf01d2265452465fcbed01f1fdd994d8cbb41a40bbb1988166604c5450ead47

SHA512
2ec6c4f34dcf00b6588b536f15e3fe4d98a0b663c8d2a2df06aa7cface88e072e2c2b1b9aaf4dc5a17b29023a85297f1a007ff60b5d6d0c65d1546bf0e12dd45

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_quickassist_exe

Filesize
36KB

MD5
53397b08309ff534a07d24635ba224ca

SHA1
acb7765998078026e0b6ffbe57e72d8d454bc54c

SHA256
5c62803659067e9c56afca377104d8f187d0393f629ecd6863fb165cff588ad0

SHA512
bdfd047f5678f72e612875b69f1944b9afd94cc6b61740ff32380a22e37b9b86ca59efe52b7a58358c15f75ae7c04221a48060d1c0f338cf40c156f9187501d1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_VideoLAN_VLC_Documentation_url

Filesize
36KB

MD5
bad093419be1135cfe9694ea77088c78

SHA1
76204c7ca72cf666add9c9931389d635c82e8af0

SHA256
136808af50ee73df9befd76f7aca21765782565b0095227c5a287f3be0b5ef3c

SHA512
3b5cb7f80d7cbc557b5a32a995cd607257ac8e56af935ce6f64c54ba1f311a65ef00c69c69047b6eb7bb678c2b1bc0a3c37548aef417ea49e414e1a34bcf651d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}_odbcad32_exe

Filesize
36KB

MD5
6f0d8710c462b5955d9d16745bdb1bfd

SHA1
ed0545934a28799ef27dddcc0439d05dc40c47ac

SHA256
342f29784a85f25ec119d85e39267ec57a4c803fbc099f6c5ceb7761f8896cfd

SHA512
404085314a3cf37e8e66aecd314d63ea9711d05c1ecb714d531126e61b7bb9929e59e4a42cb736ddade1ac416d76477881d18b428bfd603fede3e9eeb7b6f8cb

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{48c84a80-4c5e-4d92-97dc-bee40633ef00}\Apps.index

Filesize
1.0MB

MD5
82567e8ca3687595bdb0b6558c60356e

SHA1
82f44b4f71364399af348ede9272d0f2f4d3b3d0

SHA256
7fc80e49f43c07f83ec431f37a0b5b2461f21c5e22a7e83ae799533e065715a3

SHA512
f5d50385a24bdaf4a524289f0c89bdefa683c90527e1729e70079bd08b0786cb292bb5b6c531cb596914f489275180bbabf446700824bbd7e14ef647a3b6decc

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{b90a2f0c-d671-4477-84b7-77c4d78e34ba}\0.1.filtertrie.intermediate.txt

Filesize
5B

MD5
34bd1dfb9f72cf4f86e6df6da0a9e49a

SHA1
5f96d66f33c81c0b10df2128d3860e3cb7e89563

SHA256
8e1e6a3d56796a245d0c7b0849548932fee803bbdb03f6e289495830e017f14c

SHA512
e3787de7c4bc70ca62234d9a4cdc6bd665bffa66debe3851ee3e8e49e7498b9f1cbc01294bf5e9f75de13fb78d05879e82fa4b89ee45623fe5bf7ac7e48eda96

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{b90a2f0c-d671-4477-84b7-77c4d78e34ba}\0.2.filtertrie.intermediate.txt

Filesize
5B

MD5
c204e9faaf8565ad333828beff2d786e

SHA1
7d23864f5e2a12c1a5f93b555d2d3e7c8f78eec1

SHA256
d65b6a3bf11a27a1ced1f7e98082246e40cf01289fd47fe4a5ed46c221f2f73f

SHA512
e72f4f79a4ae2e5e40a41b322bc0408a6dec282f90e01e0a8aaedf9fb9d6f04a60f45a844595727539c1643328e9c1b989b90785271cc30a6550bbda6b1909f8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656242963023.txt

Filesize
77KB

MD5
d47bbfe6b8e407f307e33a7dc7b943a2

SHA1
8b99bbac3ee65665a29afd17da6c7f86d2127090

SHA256
74e9c18d87fb6a7b92532368e0fa74c776e6f3208c7a16561bf283c4084633e5

SHA512
971336b5173d3ea271a498b9b5548d55708190bb641d258584b332aeaff3ce23ef76ac110e240de6af5fdbae89d14f4225f1ba7ab35542a3e2e4ac5a2e128011

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727657999741523.txt

Filesize
47KB

MD5
8f3954dbcd8e09cd23b0c32138bb9e0b

SHA1
5e5526529884943e3cc107cc74e8969e8eb0ff77

SHA256
08577b0c116d5fffe3b75d60c17f6f079f0945045126ff51ee4200c44d274346

SHA512
e44900cce91f61e8b07af2b5fc6d31949521b4f5adf3eddf024b1d89387f7fb79ee70cd900e3da0ca44b258bb248fe6db8dfef38008faf57b373f2c833ebffa3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727664301340404.txt

Filesize
65KB

MD5
45f5e32d526230a0a91c803d040880ad

SHA1
dc6d20324ac7f9f7c813b85bb895c9ed3f72bd3c

SHA256
94e414deb8664f125e96af25d50ffc6dcb9ebe556a8113cdadb09e7c8c0a290f

SHA512
7b2cd12e8129f8c63265c09fa93e333abc8a0d7b38cb6957f9719cc16ff38d1d6d3f5b728a6ddfebecd2f12957a9ef54bdf6607efcc868f7a7e92cdd44668d74

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727696966675373.txt

Filesize
75KB

MD5
1cf826e1f0fcdef2dc09a6bf466c2465

SHA1
883a36edda80650e851cbcf6bcb23d1aaf241f72

SHA256
68ff6b8f2b805872a802ff83ba71860fe84a86a58f7c33c41657194d3685847d

SHA512
c4a6a152a764d5177bd76c20acc32ff68c3746bebdd0b2cea21f3d58c75479b3a4fa593d83874a8b67d0e9f9a85285cf8bb6a1f2c750206039bcee7ddca402e4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\Settings\settings.dat

Filesize
8KB

MD5
a8308d2f3dde0745e8b678bf69a2ecd0

SHA1
c0ee6155b9b6913c69678f323e2eabfd377c479a

SHA256
7fbb3e503ed8a4a8e5d5fab601883cbb31d2e06d6b598460e570fb7a763ee555

SHA512
9a86d28d40efc655390fea3b78396415ea1b915a1a0ec49bd67073825cfea1a8d94723277186e791614804a5ea2c12f97ac31fad2bf0d91e8e035bde2d026893

Download Submit
C:\Users\Admin\AppData\Local\Temp\wct3B4.tmp

Filesize
63KB

MD5
e516a60bc980095e8d156b1a99ab5eee

SHA1
238e243ffc12d4e012fd020c9822703109b987f6

SHA256
543796a1b343b4ebc0285d89cb8eb70667ac7b513da37495e38003704e9d88d7

SHA512
9b51e99ba20e9da56d1acc24a1cf9f9c9dbdeb742bec034e0ff2bc179a60f4aff249f40344f9ddd43229dcdefa1041940f65afb336d46c175ffeff725c638d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C65C29AE-9061-40F6-972D-5E73448BB863}

Filesize
4KB

MD5
a612007ba09d9a68eee1fc0a97c3c68d

SHA1
08ed934de5cf427c35d605a5042c2325a9d60da1

SHA256
d4032e67000f40e1847f4ac6613573e82ea06fce71aab7df95f04d231c5f4042

SHA512
9fe7762a94f00671cfc905c9b4a72a7beeb9eca9e8420fd2b49258bd1b499be2b0f59af66ba25229aeeed26e1f5cb4ca7e55d8f138f048bb4b26d9feaf2b8f9f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Background Tasks Profiles\r0fco2xy.MozillaBackgroundTask-308046B0AF4A39CB-defaultagent\compatibility.ini

Filesize
200B

MD5
cc26e3da3f8a18ab0edaa8ba362f9efb

SHA1
4141308059d17d5d2d075bbbbd93450e2e1d1844

SHA256
c17ced564ba3438bd8fa8ca7d3c94897882692fa8676b4ea6bf4e260e971dedb

SHA512
a5d1c757788a1b38e2f96cbd814961402bbf0a690b86ccf2a7793aab22e51dc4b5d3a2e18ec6a79fd15126955200b56f12f189e924cd0f6ccaeebb4bb5f9ae34

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\sessionstore-backups\upgrade.jsonlz4-20240401114208

Filesize
873B

MD5
f72be0e6bb0eb0ce8493a04f0c9975e6

SHA1
d81e6318e4e7d7bd6594d2597dcfe984bd5d6e98

SHA256
550f090f8e5b5bc120d0e2d47b2ebf70e3dad3d205871ac6be70198f9c80a626

SHA512
1339c6e897865feac0a8a242b82077d5647d4b56c023e14526cec89c25fd24e043cab5bce291c32d654f5fc1d867715282fe86764593ebdfe94c519aff5b2184

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm

Filesize
32KB

MD5
b7c14ec6110fa820ca6b65f5aec85911

SHA1
608eeb7488042453c9ca40f7e1398fc1a270f3f4

SHA256
fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb

SHA512
d8d75760f29b1e27ac9430bc4f4ffcec39f1590be5aef2bfb5a535850302e067c288ef59cf3b2c5751009a22a6957733f9f80fa18f2b0d33d90c068a3f08f3b0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite

Filesize
48KB

MD5
a48532ebe5aacbf29cd619709f5d9aa3

SHA1
3bf8e40a26a21809a967d7d80381d08bec235c72

SHA256
221dd06532dbd45ecc72cfc689e67aef51a3c4d501702c6617cbaa54d7c1096e

SHA512
4d4af9db3d5c7fbdae5e50816b0468dd4e6086b05c0e02736f95be7b9cb8973c9746cc0503389f26a8bf854fdc18da40d027368012313aa32fe07a4410d78f8f

Download Submit
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\B318F37E-49C8-4F61-B0F3-6FC2A76E39C9.jpeg

Filesize
69KB

MD5
f2430f96603ba2513df0987af8e5ab65

SHA1
4d8c47d649c753b1b629825cfc13f0d6a87a8586

SHA256
2e0ca7909d2843b8c3ab104a205cb3eabdb1da9d772271218a77efa0e91947bd

SHA512
25909ed72bf87b3c5edef0e74602837b192b36df279c2bd74867f494835508f98ff3940b5de013e7c8c1dd1201a0f07d2fb1b479b2dfcc2f81caedc10e593949

Download Submit
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\B318F37E-49C8-4F61-B0F3-6FC2A76E39C9.jpeg

Filesize
69KB

MD5
dc7c7377aab2e06980c69f95726deeec

SHA1
99d538be4665cfcc0f70e094943633bac4ee7ce6

SHA256
dd2b132e335fb14e7369b925ea1790ef24bde5adb3b8e552f9d2248fb5ecf89d

SHA512
a58e339204c6736f7cf146f151ea7ba68a288295f3a22f2422d218d0ecd68e792f0073f2a1cf366a1d2064085321935631049709c16907fdc997c531d7b97202

Download Submit
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\CC9FCD28-984A-4582-ADEB-929A010AE91B.png

Filesize
119KB

MD5
0d8f94ce55e00ea76780562a7b37eaa6

SHA1
f42e9722ddfadbdecf88eba77054504464895a2a

SHA256
a9d23d9d6e31e3be0d6c3cb0c11b2b2de89a049e5e40c1315be9c95e5f91bc67

SHA512
b8379a826b25a38d1d460d36ef48c7367f2d67a2fd4a7bae49698eae376c7f389a891ce0c0375622f80ff72fa2d7d1eabffaba8a827756110a1cd3177c47f3f8

Download Submit
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\CC9FCD28-984A-4582-ADEB-929A010AE91B.png

Filesize
119KB

MD5
76483fb410b6e64c760fbf2cd7d92e33

SHA1
2df21d099c97534deef5a120ed6b210c9c23102e

SHA256
f6a7afa8b45645889f05314b6b79192686b916263e0025904eb9ff9c1534ee9b

SHA512
bdae8ea91293cd8fc87fc9ec16857c33ccb863d297abc8757780c9c21060c1572d2bbb654de2f321e606851c1c29ebe53fdbf9181453dfdabbdae55ed7cacc83

Download Submit
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LICENSE

Filesize
34KB

MD5
2dad0d1ee860cf1e02c2d99d94e6511a

SHA1
48af23aabf9e3cf440e28bce3891d8343d3e48e2

SHA256
05d7cb048338b756e14f1abdade0378f39bf5dbc11f397724c33bd9d473197a6

SHA512
c0d1d64a27f7a894e788727b9222fb0c10cdd8c37b4c5ad8ec78716e19a698722462f3ef8efc7d61b0360f12a0f022147b7c4ee8c79031a51d79e00d20239f60

Download Submit
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build.bat

Filesize
733B

MD5
1905cc9973206fea5050b737f9303fb4

SHA1
497524177d9478a4b5dca3e73cc230be6abf4ce0

SHA256
e2f5b93040d57de6251d16256bcd04aa8eb337bde87308e602f01070efd345fb

SHA512
95bae9406d01083f6fe6916ecf8e889afe20ff5863070f1787dc7a60d2d1d5af2cf3fd481a3c4fb531f16dd2cb7a685002aaac1dc907cf189c19c60f2816dd76

Download Submit
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\DECRYPTION_ID.txt

Filesize
16B

MD5
b1cd07d8c346e344042066aee57ea45b

SHA1
1dd2a84bcf04a59c7d643c0852661e09a983630a

SHA256
47a9e1ce014c3ddeb3c19bbdfbe3671a5944f71313710ba2796e2ac058544322

SHA512
10fdb9478115a137535db230779adb7a1c80a9f78aa8934b1e23a71210a24e986a800371d0b9e1f693d095dc8b646ea77a67d144e172b362d8b27d406c3d0e37

Download Submit
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe

Filesize
153KB

MD5
58dc28a60950259adec70bbd93192437

SHA1
16b8d6515c1ca1889c1642aee4759917b9686ed6

SHA256
f78f1467dc7ce9b89c22bdb2a04866fd57e3e76f80dc17228076d1e4507a71fa

SHA512
d2b91e322bd80e4068fa9de2657a8ec710d3d62281d354bb45d9015c0608fb0adf92998d268b184d95fc5c498553b84482fdc63804381609ab4dae39f0fcf5f2

Download Submit
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe

Filesize
153KB

MD5
c73eac0c837c3c5caca3a885f46c17d9

SHA1
a0ca9511b40c9c2451986ce179016ec4014e9adb

SHA256
e609bf8406b61613f3e605d277cf445059974a4c71c3edd09fffae86a3c5dbfe

SHA512
157c92e561cd18876ab60faf8a3d8e62633e7750accb965e86f3202b0d5ff902d3ae51fb41592d9be22672e67a713291e469a09be57e6f77dd6343090324792a

Download Submit
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3Decryptor.exe

Filesize
54KB

MD5
d1c15784587717fe03448d0c4dc8dd5b

SHA1
f36ac101949a4fa8f604d561957fb9d3e1f73699

SHA256
4973313c1c003a27190fba0a43dda1be78891552c9fabaa0c65e0051965ceee7

SHA512
ef81b11962fb56a583c43ecdf0f8c66ef17850e85e56794b6c4ca328751609e4fe1fb1494e0e7315ff396510c467e440b74b62c105ce226f2fda49379d551a81

Download Submit
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3_ReflectiveDll_DllMain.dll

Filesize
106KB

MD5
2ecc319574b76994e76c4f971c820362

SHA1
8f3d04cab7c6be2220860ec391d75ba2f8f17b33

SHA256
123797c18b044fb5aeba5dcccaf9ef1df0b7553413e9433876f1f94b8cd0584f

SHA512
39c63668d424ff9efa625a82312edf5a30f7ca3edd896bd6ef1857ced02e5462cf191af54b6e55388b844fa5e50f77e3a6ce5b5983f61eb57a45c4b2fbb3567e

Download Submit
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3_Rundll32.dll

Filesize
152KB

MD5
a451f94bf71b55142e64d65dda361e3d

SHA1
79dbdba2019c0bb2859cf2886ad4ceaadf769311

SHA256
42a708a61e3bb54ac63748ac47bb96ded6e32bbe927a87c8e57094110293c325

SHA512
a5336d7a3345a562214f8081459937f4c9c17882aa614fa514eea6ec7e3afd416e943560a92ecfe88ecc281729c9e6eefe2300d087b1ee510aaef0d3ac343803

Download Submit
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3_Rundll32_pass.dll

Filesize
148KB

MD5
1cf36fecacae95acaed46247090fd4b6

SHA1
4dcf048521b7c8fcba54d20f06be6ea60131bce1

SHA256
6eb4d985a52554d37c0efec1457258e4dfd4619ff0396c66e2f9a02d8381ce57

SHA512
7b6c660245ed236a12e4c7e36e30283b5d2736de2d419da60d4ab584016de24dd40f7c4d407c5a4cee3c1995d136a775f72ed2ca16c911d75a2c9c2f4b57a99c

Download Submit
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3_pass.exe

Filesize
149KB

MD5
4f6c3752e20422203d1bd00acb082ba5

SHA1
2d648879014bf464bf3ed640642c9f7665115ad4

SHA256
500eeeb1927f1fb9304a2167d6ea7e318d242da0c68e03f3ec60d704acfa0add

SHA512
310c78b0057ec044ce14eb4242729f958f4de2d3cb8cc8f8052d8b6ead5ff692a870ec027204dffb3fe3951e6c8bc5b59d6a21046c66643e7d14ac3a88c31271

Download Submit
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\Password_dll.txt

Filesize
1KB

MD5
cd73e5da7534c1cc75358e77bced80ba

SHA1
684301a030de00bf594f32dbc58e6caed663ecd5

SHA256
dd27eb7a55e7ef44d9d2e0cb92108637c8248d58532c22d59e8057e7da111580

SHA512
fb747890e36a0e9144bb23917118d6b14cd5ea20434d3f241ceb1de8a21c92539d9cac07bac8d17ae69bae754f941f9326203c06e95d86d7cf20a542af0f060e

Download Submit
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\Password_exe.txt

Filesize
2KB

MD5
68c7c951ecfca7322e1ecb486f42883e

SHA1
882b636e399f6566b98a20923ad8cfc166bab2c1

SHA256
706453b2bafdb0f723b55100d5034621f8a3b61822aad5a7bf875b6113017c74

SHA512
3135ccc918dbd9ea08432d2b92bf272716b039d3ca9b4b94a32e4774f41cdb148e347fbc89f3d1285a2fe7389585e13790fd226d9adf9eadc69ceeac931cdd65

Download Submit
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\priv.key

Filesize
344B

MD5
95dc3cc7a5702f8c2b7504f14a8d465f

SHA1
9a48c88b07ab58cb624bb0f9bc916865f0020f1d

SHA256
f89e7aafae18b96cbf6549ef855d2b8c0e48e694bdce8580f4b45781bd2d5f39

SHA512
e85cb3af3c68cbe65256571aefc481228d3f558723911b35fc63bb4f9f0946f0c179b3df4f0e908d81324d2a7ebbc2b6aaf20bbad9383093b7f8d0db8be8b5c6

Download Submit
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\priv.key

Filesize
344B

MD5
0a89203fe697121af3a5aaf10638ec7e

SHA1
440fa37ae234edf92e6524b639e19bad48f3054d

SHA256
0417484c6a995f9dae9bba0c321122334003d3a3366b500ecd94855c4e98caca

SHA512
934fff9340ba7ab594d8f72d44eec3e807a128f7578d14403f77b522dbd3ec83e111c4a7a7d16ef7657f5959c4ae1254be6e0e7d7f90cfd572ea1fa629d5f938

Download Submit
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\pub.key

Filesize
344B

MD5
ba85a0b00c8a2cfeba6d94816855dad7

SHA1
0afdfad7a392faf24c070888104acbfb4643e3a6

SHA256
91ec37166dd39d7d443a47365a3d83b330aeff5ba0cfefc6c5b64abf793dc16f

SHA512
6c3a3404d3dc1dcb321d61cdc8bb0c55adfb3641ec32c9744ded3841b73fe01e29cdb5df6023717cb9af5d793883ae3eb309b893ca3340141f2c359be227df81

Download Submit
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\pub.key

Filesize
344B

MD5
6bd8d30f8f6d4b271981ca8fc3f54e48

SHA1
c27652850c6856ae4e6fc2a2e90a58a793e1b64f

SHA256
42eaf387a0665268fa360d5aefb49b2678adf19558cb9a4bce9c15f006e53344

SHA512
1151e5ba9953d99965bfaca9de1733ea7b8baacde65c67e77fc4ba7d1d63a5e997c5aa8d3b8d8eb27b3dcce93aa4696aab2fd9a6ae2db9e3bbfba43afcac826a

Download Submit
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\builder.exe

Filesize
469KB

MD5
c2bc344f6dde0573ea9acdfb6698bf4c

SHA1
d6ae7dc2462c8c35c4a074b0a62f07cfef873c77

SHA256
a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db

SHA512
d60cf86c0267cd4e88d21768665bbb43f3048dace1e0013b2361c5bfabf2656ff6215dfb75b6932e09545473305b4f707c069721cdde317b1df1709cd9fc61c0

Download Submit
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\config.json

Filesize
8KB

MD5
12d844f76f1b59029eb6dd618d74c537

SHA1
7f971c7abb62a16c42b07ad8ce6601f0ffe3bb8d

SHA256
af3f8aa4a82e548a4e0c3fbeec1f8199d540177c5ccdcc70b18325e736564d73

SHA512
df6359a3551f32c9f06a2073de46c88366b5d4506fe59d9eda8e25d32de4ffe1be344e03f87c70d294c63f7a2a86fb052e26b10a09850a96515c228df8f2301a

Download Submit
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\keygen.exe

Filesize
31KB

MD5
71c3b2f765b04d0b7ea0328f6ce0c4e2

SHA1
bf8ecb6519f16a4838ceb0a49097bcc3ef30f3c4

SHA256
ea6d4dedd8c85e4a6bb60408a0dc1d56def1f4ad4f069c730dc5431b1c23da37

SHA512
1923db134d7cee25389a07e4d48894dde7ee8f70d008cd890dd34a03b2741a54ec1555e6821755e5af8eae377ef5005e3f9afceb4681059bc1880276e9bcf035

Download Submit
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\DECRYPTION_ID.txt

Filesize
16B

MD5
66fada8fcdaf1a5028f654e9eb557f53

SHA1
3cacba05f54399b9909c9f84412c0ac8e9dc537c

SHA256
d5d9b4cf26c57c01e1f75d3888acf1d0be760f0e77cff8268741f515bdc09b8b

SHA512
3cc21e9cfd48eb4f1fbe8f26cfb66afb0e8122c29e9d861d9ea34b3e87ed6d2f5939b8edc618072597b23e39fe2376998baa91d5572bafce8118133233a5302e

Download Submit
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\DECRYPTION_ID.txt

Filesize
265B

MD5
c2b7a8360b062df21b863f137ceee7ed

SHA1
7d7bcf546a935b211ca37e8b73b2356097cd36ba

SHA256
72cd6ff9f047885ccd043ce4c7905ffd692a7ed601b1a39431d45634527b5126

SHA512
8246ad7bff35f17aacd0af23c8d9f2886031be93609039451e2b694131a2eaadd2b37994f6b6a9755d9d3ae7d848a0387991ea32cefcc153ab9598f482fbe749

Download Submit
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\Password_dll.txt

Filesize
1KB

MD5
7eb31ad3eb78323a3e46851dbe0cc3da

SHA1
3fc122fb34ba75b6662ff2e1f79be79f19f6e95f

SHA256
60f00b22305372a4373193678fa43b2d5b995d6506adeac97f44b617921c5ea3

SHA512
89d2832276f0f5adba69322643e7504e7a3d51774212ce695254a7083ff21a04bbc769832726f2a2dfb8bc7898ebba80643df114fdebc7cc6372726fc890d572

Download Submit
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\Password_dll.txt

Filesize
2KB

MD5
2f781fd45dc720d5d2de62e0254df181

SHA1
aa15f45c76c27d9351501911243d4ff7f9249dcf

SHA256
17f3c3dc23cb224bfff8af8f95c8879766da6adbdc207e481b3af7ba02b6a742

SHA512
cf4df044297d7be80ce88fc62d2ddd612f3684c308a0a14c66c446969de6f8fe96d4a97c9abdd38ca902162d0dd9eeaa2dcebb0df91db7e868514216ebb7c434

Download Submit
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\Password_exe.txt

Filesize
2KB

MD5
51c137a112527afc7bdc375b3f3da3e3

SHA1
d90cad116bf2519ecf26d0e350ad083a0220ee71

SHA256
204137ad9c040b8e6005e6ae6536dfa52c1cdea3d721f50c2dc5dc5976b4d866

SHA512
968268a6ded501bbd88abfded4697ffad193097bc95a433b3fadda0c22c2e1192f581b9017d87b3ceafa9b25169f8745f81ee4598159ed9566d9316c01cdfc62

Download Submit
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\config.json

Filesize
8KB

MD5
6da2be68250d08762e967ac7365fd053

SHA1
22bba04927951db9f0152d8d4f3376fdcb4b64be

SHA256
7cb3b13d5be451cce31d61936d0b4d420f37e61b05edefeb1806366e8527ce4b

SHA512
73624fbbf15dca85ceaed2e9ff346558f35cb347280c35ab98192314a9625cefd24c70be22b5217c0a3a1b72ba28367be762e30f86b747d85bee90abc412d887

Download Submit
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\README.md

Filesize
1KB

MD5
921b32ec9708d96cc9f3a1c8f7be75ff

SHA1
3b8b6937c31b43ea425ef57ff8e6a0a80af17748

SHA256
a93397526208432c3ab6f1bda8983defdbafa0b42b2904b3fddf2a155f1973d1

SHA512
97a2b42fc7b111a70849f1d28ce6c78f14c83a4610d90a72874e49989db495b8c6ac14c4185fb3ce87869cd8f84054743cc227a7218d83a34c86d8468ffb98ef

Download Submit
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\README.md

Filesize
1KB

MD5
6523e6a1f016ae4a4e5136744e05b48b

SHA1
61ef042d5fbea5de9af78674e4ca972f5c34d684

SHA256
69386d08af0fd81ac662762a50a78a01adf9eb9fd120c13f57aa75667711329d

SHA512
0925605a6391917db6941c8713f88d44926678c05e8cb3b2778ec292a477ac6a7ce9f4fd65f995c70e2c9f2638794304748918fe596e5f0b926c2917fa0c0428

Download Submit
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\Screenshot_20220921-210605_Samsung Internet.jpg

Filesize
193KB

MD5
32efeaa214d2f3c0a64e215080b15f46

SHA1
9892ccbe6767d879f87ea7307da3ecab27ae96cc

SHA256
947a686fb4bbdf6d4bd82abe7442653d107549cb8e70640665950857942822c8

SHA512
e1a166eae8a82b9dc13124959c588e8bdb6b74504cf1d109b66d205c8ef6a6ec3b2e6a56c390089c4d48221d9999f48b1db3b8ebb2a9f811b321dd64a30c7787

Download Submit
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\Screenshot_20220921-210605_Samsung Internet.jpg

Filesize
193KB

MD5
9451dc57e1e4c1a9d9df63e405778082

SHA1
6d903d672fb2eb620c688c480cf67000a281e4e1

SHA256
274a01ae546137572911b2c6916e42a8530a149c2e1e6051348ee4163249ef5e

SHA512
dd535823b5b878f000c8dfa6b5e2d833d6eae4c9e1f2724da42d0aee884754b428cbcf4fab6983ebbacb5a938d765f0a7995511d00f52039729794437e141678

Download Submit
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\Screenshot_20220921-210644_Samsung Internet.jpg

Filesize
198KB

MD5
383d1f69b96175daed83e60eff175cf2

SHA1
4d2a298788d0e23e5e11c6b294d74d95347001d9

SHA256
d0da3597686addc2f33e36db25fe4ce1e904d37b3ad20b7f4a207d1e4073c26c

SHA512
dbc104476fafdceeabe8efcf5cef0e866434f868ce725ac22d33e6d6089d8730d4a21410734c3913d39947bff37579a78f11c9501eeb07cb12a27fd366fe5929

Download Submit
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\Screenshot_20220921-210644_Samsung Internet.jpg

Filesize
198KB

MD5
056e4f54e2d27571775a9ba3f196085c

SHA1
96328ba497cfffe611eb8d9bf85ba1778bd2fb4b

SHA256
df8ce933b5c130fe98da14dc98926d372ca93064307cd984a8e98c84c236f9f8

SHA512
aeae05e4ffa57d89f78ca9115814c704a3fd95b8c9ca94d54fb002e18eff8775187d20e1cc71fa261f4fe37a6d3f796f91ac02f060077f8ca3d04bfccd440357

Download Submit
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\Screenshot_20220921-210706_Samsung Internet.jpg

Filesize
112KB

MD5
adb620535f83ea329f9790dfb31f8337

SHA1
39c58dbefaf13a422ca986ccaf3607d8253d934f

SHA256
0deb73fb0e7c1511f5ab36a2fe0ee3f93968fa1f555ced9e7a7ee905bff513d4

SHA512
0210a0e5b55697f52b67ade9f256b85bf2c09c8bc6574260a967c6710db4e936bcb6879fed22e0eb8f93b5af617d50c71e21a7d99a9b3275c6e2980dfbe35c97

Download Submit
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\Screenshot_20220921-210706_Samsung Internet.jpg

Filesize
113KB

MD5
e1a47de78c0b4b695c893defbc9c4ec5

SHA1
6f813045cc7cbef112a90ceb7af5a547c7d544da

SHA256
7b067ae527cad1930c38b1387cdfa32c6ff57b30a09db93a85f7ddbd3dccf73b

SHA512
f8ae435e6089c2ec4faff51b06d86cdbb03ee2ebc3e1f3c3bb7e6eafc073ad5e6612e9488a1a79d8880f78c3e9ef5db93d99f08ec271b75d67ceb67a78d88491

Download Submit
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\Screenshot_20220921-211415_Twitter.jpg

Filesize
282KB

MD5
f6e98cba9e2277b190a9d18c55495196

SHA1
f390ad5bb33eab543af9802ac13ef3b5d49f585f

SHA256
f881b9272cbd1e52e0158e8d6c1e7af1558315aea0bff5b98ed81b014d62c352

SHA512
79fc0724964a63be5e81dabf13259a18f4922694f02e1ff9d8c7f54aa8e050d801480d088acadddaaaab6233955cd342f0578afddeafd26c161ec4cab41fd9ff

Download Submit
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\Screenshot_20220921-211415_Twitter.jpg

Filesize
282KB

MD5
309f63bc7966e9530ac09a8ce5affe2b

SHA1
cf907a291fe4134726a4706ee3d18a517673296e

SHA256
b08e86aafbe108ee74fddb76ebaac9b9bc08f60ef63e5d8e93fdba7852499984

SHA512
70be31963bf12eda55fe96e1260a4e4cdc972319f668b1b8f2dbdadd95b528ca15c0e694b6b92a8b8cc7a27773b55c1a2b22dec558bac45a9adda6fc6538d7be

Download Submit
C:\Users\Admin\Documents\OneNote Notebooks\My Notebook\Open Notebook.onetoc2

Filesize
4KB

MD5
0949d34f0fe32bd17c0610b7d9cce886

SHA1
6c6009dfa6f35ae957523b1be3d9a0ef2b026d7c

SHA256
a4ed3fd6c69502133e86749b9be118151ceb2ddc005f3cdbab06140bf9f2c6e7

SHA512
ba711cbb86cc09647ea80b0f8219bf86a516ba7e995d842c199a45c77c3661784e54f24b0b9ca2cf3089e19d19c27d3ffc1c89eaf7c2b63a43f8486f275114aa

Download Submit
C:\vcredist2010_x64.log.html

Filesize
85KB

MD5
c3b14d16192deee588b237ff2a5f0b8b

SHA1
f093b588339e3f6694faf8b7107872b011250c38

SHA256
8cc72c90993dbf5f92b6e6d384e39896a367aff007d3c9c98ab51da708ee590c

SHA512
c840d2fc21ef6519261d4b4bc7e2c625d44003de1a5db5d35583bae4abe0787ce59299585bd6f11058221064e68a7fbdc1ab285c8b70f01db7df5b684568d87e

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-3350944739-639801879-157714471-1000\DDDDDDDDDDD

Filesize
129B

MD5
c1c1a03c3047b06842d92b511f333224

SHA1
cf2ef54f13e759d30590305595a5c49c3c269d0c

SHA256
f69e3359fb1a5178691aba9a39862c14d228bb0ff44fbac761dc5469d6ba4a53

SHA512
0e843cba93efbcd8806334c1a334368b51e4e822b03e21e3e41b1c3cbcba728a8493ab41038139324767a10f0528f5ba5a6baf3d177edc0d34f38bcbae720503

Download Submit
memory/2928-2994-0x00007FFCB5380000-0x00007FFCB5390000-memory.dmp

Filesize
64KB

Download
memory/2928-2993-0x00007FFCB5380000-0x00007FFCB5390000-memory.dmp

Filesize
64KB

Download
memory/2928-2989-0x00007FFCB7890000-0x00007FFCB78A0000-memory.dmp

Filesize
64KB

Download
memory/2928-2990-0x00007FFCB7890000-0x00007FFCB78A0000-memory.dmp

Filesize
64KB

Download
memory/2928-2986-0x00007FFCB7890000-0x00007FFCB78A0000-memory.dmp

Filesize
64KB

Download
memory/2928-2988-0x00007FFCB7890000-0x00007FFCB78A0000-memory.dmp

Filesize
64KB

Download
memory/2928-2987-0x00007FFCB7890000-0x00007FFCB78A0000-memory.dmp

Filesize
64KB

Download