Analysis Overview
SHA256
34ae59b7acc09c2e82625640cae82c5158b649db1418ddbaa24138b51f1722c5
Threat Level: Known bad
The file LockBit-Black-Builder-main.zip was found to be: Known bad.
Malicious Activity Summary
Blackmatter family
Rule to detect Lockbit 3.0 ransomware Windows payload
BlackMatter Ransomware
Lockbit family
Lockbit
Renames multiple (663) files with added filename extension
Checks computer location settings
Executes dropped EXE
Reads user/profile data of web browsers
Drops desktop.ini file(s)
Indicator Removal: File Deletion
Sets desktop wallpaper using registry
Drops file in System32 directory
System Location Discovery: System Language Discovery
Unsigned PE
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: RenamesItself
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Modifies Control Panel
Modifies registry class
Checks processor information in registry
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-26 18:10
Signatures
Blackmatter family
Lockbit family
Rule to detect Lockbit 3.0 ransomware Windows payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-26 18:10
Reported
2024-11-26 18:17
Platform
win7-20240729-en
Max time kernel
361s
Max time network
362s
Command Line
Signatures
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Processes
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main.zip"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-26 18:10
Reported
2024-11-26 18:28
Platform
win10v2004-20241007-en
Max time kernel
439s
Max time network
440s
Command Line
Signatures
BlackMatter Ransomware
Blackmatter family
Lockbit
Lockbit family
Rule to detect Lockbit 3.0 ransomware Windows payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Renames multiple (663) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation | C:\ProgramData\C33C.tmp | N/A |
Executes dropped EXE
Reads user/profile data of web browsers
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\$Recycle.Bin\S-1-5-21-3350944739-639801879-157714471-1000\desktop.ini | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A |
| File opened for modification | F:\$RECYCLE.BIN\S-1-5-21-3350944739-639801879-157714471-1000\desktop.ini | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A |
Indicator Removal: File Deletion
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\spool\PRINTERS\PPz83w04uip0vhgh0qrb0o9k6ee.TMP | C:\Windows\system32\printfilterpipelinesvc.exe | N/A |
| File created | C:\Windows\system32\spool\PRINTERS\PPjq67czq15oa9gv9bdejtumbu.TMP | C:\Windows\system32\printfilterpipelinesvc.exe | N/A |
| File created | C:\Windows\system32\spool\PRINTERS\00002.SPL | C:\Windows\splwow64.exe | N/A |
| File created | C:\Windows\system32\spool\PRINTERS\PPlgsx0r6inyr655sy2sul7c8d.TMP | C:\Windows\system32\printfilterpipelinesvc.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\Desktop\WallPaper = "C:\\ProgramData\\39rw8rOkT.bmp" | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\Desktop\Wallpaper = "C:\\ProgramData\\39rw8rOkT.bmp" | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\Desktop\WallPaper | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3Decryptor.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\ProgramData\C33C.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\keygen.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\builder.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\builder.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\builder.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\builder.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\builder.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3Decryptor.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\builder.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE | N/A |
Modifies Control Panel
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\Desktop | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\Desktop\WallpaperStyle = "10" | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\Desktop | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3Decryptor.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\39rw8rOkT\DefaultIcon | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\39rw8rOkT | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\39rw8rOkT\DefaultIcon\ = "C:\\ProgramData\\39rw8rOkT.ico" | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\39RW8ROKT\DEFAULTICON | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3Decryptor.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\.39rw8rOkT | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3Decryptor.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.39rw8rOkT | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.39rw8rOkT\ = "39rw8rOkT" | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\39rw8rOkT | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3Decryptor.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: RenamesItself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3Decryptor.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\LockBit-Black-Builder-main.zip"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build.bat" "
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\keygen.exe
keygen -path C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build -pubkey pub.key -privkey priv.key
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\builder.exe
builder -type dec -privkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\priv.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3Decryptor.exe
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\builder.exe
builder -type enc -exe -pubkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\builder.exe
builder -type enc -exe -pass -pubkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3_pass.exe
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\builder.exe
builder -type enc -dll -pubkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3_Rundll32.dll
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\builder.exe
builder -type enc -dll -pass -pubkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3_Rundll32_pass.dll
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\builder.exe
builder -type enc -ref -pubkey C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\pub.key -config config.json -ofile C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3_ReflectiveDll_DllMain.dll
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe
"C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe"
C:\Windows\splwow64.exe
C:\Windows\splwow64.exe 12288
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
C:\Windows\system32\printfilterpipelinesvc.exe
C:\Windows\system32\printfilterpipelinesvc.exe -Embedding
C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
/insertdoc "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\{12FF6261-C001-489C-BEB8-0D6F67ECCCC8}.xps" 133771183289160000
C:\ProgramData\C33C.tmp
"C:\ProgramData\C33C.tmp"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\C33C.tmp >> NUL
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3Decryptor.exe
"C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3Decryptor.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.89.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | roaming.officeapps.live.com | udp |
| IE | 52.109.76.243:443 | roaming.officeapps.live.com | tcp |
| US | 8.8.8.8:53 | 243.76.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.143.182.52.in-addr.arpa | udp |
Files
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build.bat
| MD5 | 1905cc9973206fea5050b737f9303fb4 |
| SHA1 | 497524177d9478a4b5dca3e73cc230be6abf4ce0 |
| SHA256 | e2f5b93040d57de6251d16256bcd04aa8eb337bde87308e602f01070efd345fb |
| SHA512 | 95bae9406d01083f6fe6916ecf8e889afe20ff5863070f1787dc7a60d2d1d5af2cf3fd481a3c4fb531f16dd2cb7a685002aaac1dc907cf189c19c60f2816dd76 |
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\Password_dll.txt
| MD5 | cd73e5da7534c1cc75358e77bced80ba |
| SHA1 | 684301a030de00bf594f32dbc58e6caed663ecd5 |
| SHA256 | dd27eb7a55e7ef44d9d2e0cb92108637c8248d58532c22d59e8057e7da111580 |
| SHA512 | fb747890e36a0e9144bb23917118d6b14cd5ea20434d3f241ceb1de8a21c92539d9cac07bac8d17ae69bae754f941f9326203c06e95d86d7cf20a542af0f060e |
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3_Rundll32.dll
| MD5 | a451f94bf71b55142e64d65dda361e3d |
| SHA1 | 79dbdba2019c0bb2859cf2886ad4ceaadf769311 |
| SHA256 | 42a708a61e3bb54ac63748ac47bb96ded6e32bbe927a87c8e57094110293c325 |
| SHA512 | a5336d7a3345a562214f8081459937f4c9c17882aa614fa514eea6ec7e3afd416e943560a92ecfe88ecc281729c9e6eefe2300d087b1ee510aaef0d3ac343803 |
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3_Rundll32_pass.dll
| MD5 | 1cf36fecacae95acaed46247090fd4b6 |
| SHA1 | 4dcf048521b7c8fcba54d20f06be6ea60131bce1 |
| SHA256 | 6eb4d985a52554d37c0efec1457258e4dfd4619ff0396c66e2f9a02d8381ce57 |
| SHA512 | 7b6c660245ed236a12e4c7e36e30283b5d2736de2d419da60d4ab584016de24dd40f7c4d407c5a4cee3c1995d136a775f72ed2ca16c911d75a2c9c2f4b57a99c |
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3_ReflectiveDll_DllMain.dll
| MD5 | 2ecc319574b76994e76c4f971c820362 |
| SHA1 | 8f3d04cab7c6be2220860ec391d75ba2f8f17b33 |
| SHA256 | 123797c18b044fb5aeba5dcccaf9ef1df0b7553413e9433876f1f94b8cd0584f |
| SHA512 | 39c63668d424ff9efa625a82312edf5a30f7ca3edd896bd6ef1857ced02e5462cf191af54b6e55388b844fa5e50f77e3a6ce5b5983f61eb57a45c4b2fbb3567e |
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3_pass.exe
| MD5 | 4f6c3752e20422203d1bd00acb082ba5 |
| SHA1 | 2d648879014bf464bf3ed640642c9f7665115ad4 |
| SHA256 | 500eeeb1927f1fb9304a2167d6ea7e318d242da0c68e03f3ec60d704acfa0add |
| SHA512 | 310c78b0057ec044ce14eb4242729f958f4de2d3cb8cc8f8052d8b6ead5ff692a870ec027204dffb3fe3951e6c8bc5b59d6a21046c66643e7d14ac3a88c31271 |
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3Decryptor.exe
| MD5 | d1c15784587717fe03448d0c4dc8dd5b |
| SHA1 | f36ac101949a4fa8f604d561957fb9d3e1f73699 |
| SHA256 | 4973313c1c003a27190fba0a43dda1be78891552c9fabaa0c65e0051965ceee7 |
| SHA512 | ef81b11962fb56a583c43ecdf0f8c66ef17850e85e56794b6c4ca328751609e4fe1fb1494e0e7315ff396510c467e440b74b62c105ce226f2fda49379d551a81 |
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe
| MD5 | c73eac0c837c3c5caca3a885f46c17d9 |
| SHA1 | a0ca9511b40c9c2451986ce179016ec4014e9adb |
| SHA256 | e609bf8406b61613f3e605d277cf445059974a4c71c3edd09fffae86a3c5dbfe |
| SHA512 | 157c92e561cd18876ab60faf8a3d8e62633e7750accb965e86f3202b0d5ff902d3ae51fb41592d9be22672e67a713291e469a09be57e6f77dd6343090324792a |
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\DECRYPTION_ID.txt
| MD5 | b1cd07d8c346e344042066aee57ea45b |
| SHA1 | 1dd2a84bcf04a59c7d643c0852661e09a983630a |
| SHA256 | 47a9e1ce014c3ddeb3c19bbdfbe3671a5944f71313710ba2796e2ac058544322 |
| SHA512 | 10fdb9478115a137535db230779adb7a1c80a9f78aa8934b1e23a71210a24e986a800371d0b9e1f693d095dc8b646ea77a67d144e172b362d8b27d406c3d0e37 |
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\pub.key
| MD5 | ba85a0b00c8a2cfeba6d94816855dad7 |
| SHA1 | 0afdfad7a392faf24c070888104acbfb4643e3a6 |
| SHA256 | 91ec37166dd39d7d443a47365a3d83b330aeff5ba0cfefc6c5b64abf793dc16f |
| SHA512 | 6c3a3404d3dc1dcb321d61cdc8bb0c55adfb3641ec32c9744ded3841b73fe01e29cdb5df6023717cb9af5d793883ae3eb309b893ca3340141f2c359be227df81 |
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\priv.key
| MD5 | 95dc3cc7a5702f8c2b7504f14a8d465f |
| SHA1 | 9a48c88b07ab58cb624bb0f9bc916865f0020f1d |
| SHA256 | f89e7aafae18b96cbf6549ef855d2b8c0e48e694bdce8580f4b45781bd2d5f39 |
| SHA512 | e85cb3af3c68cbe65256571aefc481228d3f558723911b35fc63bb4f9f0946f0c179b3df4f0e908d81324d2a7ebbc2b6aaf20bbad9383093b7f8d0db8be8b5c6 |
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\Password_exe.txt
| MD5 | 68c7c951ecfca7322e1ecb486f42883e |
| SHA1 | 882b636e399f6566b98a20923ad8cfc166bab2c1 |
| SHA256 | 706453b2bafdb0f723b55100d5034621f8a3b61822aad5a7bf875b6113017c74 |
| SHA512 | 3135ccc918dbd9ea08432d2b92bf272716b039d3ca9b4b94a32e4774f41cdb148e347fbc89f3d1285a2fe7389585e13790fd226d9adf9eadc69ceeac931cdd65 |
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\keygen.exe
| MD5 | 71c3b2f765b04d0b7ea0328f6ce0c4e2 |
| SHA1 | bf8ecb6519f16a4838ceb0a49097bcc3ef30f3c4 |
| SHA256 | ea6d4dedd8c85e4a6bb60408a0dc1d56def1f4ad4f069c730dc5431b1c23da37 |
| SHA512 | 1923db134d7cee25389a07e4d48894dde7ee8f70d008cd890dd34a03b2741a54ec1555e6821755e5af8eae377ef5005e3f9afceb4681059bc1880276e9bcf035 |
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\builder.exe
| MD5 | c2bc344f6dde0573ea9acdfb6698bf4c |
| SHA1 | d6ae7dc2462c8c35c4a074b0a62f07cfef873c77 |
| SHA256 | a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db |
| SHA512 | d60cf86c0267cd4e88d21768665bbb43f3048dace1e0013b2361c5bfabf2656ff6215dfb75b6932e09545473305b4f707c069721cdde317b1df1709cd9fc61c0 |
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\config.json
| MD5 | 12d844f76f1b59029eb6dd618d74c537 |
| SHA1 | 7f971c7abb62a16c42b07ad8ce6601f0ffe3bb8d |
| SHA256 | af3f8aa4a82e548a4e0c3fbeec1f8199d540177c5ccdcc70b18325e736564d73 |
| SHA512 | df6359a3551f32c9f06a2073de46c88366b5d4506fe59d9eda8e25d32de4ffe1be344e03f87c70d294c63f7a2a86fb052e26b10a09850a96515c228df8f2301a |
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\priv.key
| MD5 | 0a89203fe697121af3a5aaf10638ec7e |
| SHA1 | 440fa37ae234edf92e6524b639e19bad48f3054d |
| SHA256 | 0417484c6a995f9dae9bba0c321122334003d3a3366b500ecd94855c4e98caca |
| SHA512 | 934fff9340ba7ab594d8f72d44eec3e807a128f7578d14403f77b522dbd3ec83e111c4a7a7d16ef7657f5959c4ae1254be6e0e7d7f90cfd572ea1fa629d5f938 |
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\pub.key
| MD5 | 6bd8d30f8f6d4b271981ca8fc3f54e48 |
| SHA1 | c27652850c6856ae4e6fc2a2e90a58a793e1b64f |
| SHA256 | 42eaf387a0665268fa360d5aefb49b2678adf19558cb9a4bce9c15f006e53344 |
| SHA512 | 1151e5ba9953d99965bfaca9de1733ea7b8baacde65c67e77fc4ba7d1d63a5e997c5aa8d3b8d8eb27b3dcce93aa4696aab2fd9a6ae2db9e3bbfba43afcac826a |
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit30\Build\LB3.exe
| MD5 | 58dc28a60950259adec70bbd93192437 |
| SHA1 | 16b8d6515c1ca1889c1642aee4759917b9686ed6 |
| SHA256 | f78f1467dc7ce9b89c22bdb2a04866fd57e3e76f80dc17228076d1e4507a71fa |
| SHA512 | d2b91e322bd80e4068fa9de2657a8ec710d3d62281d354bb45d9015c0608fb0adf92998d268b184d95fc5c498553b84482fdc63804381609ab4dae39f0fcf5f2 |
C:\$Recycle.Bin\S-1-5-21-3350944739-639801879-157714471-1000\desktop.ini
| MD5 | ce5cb5a9fb2217f413eb3457df045f69 |
| SHA1 | 79251087c9b93d03a164c9a553032eda84365b11 |
| SHA256 | 78269cc703c8fdd0d1de3ca6561239da825ac73de235efd12ad7465ece7fd02b |
| SHA512 | b2cf47317af25fff446fb4f477840caaec142893be3197d1531a758ad977dd61f3e301dba5dfd9deb9b84b70e1be40245360a511e36008857b01510d5b089aec |
F:\$RECYCLE.BIN\S-1-5-21-3350944739-639801879-157714471-1000\DDDDDDDDDDD
| MD5 | c1c1a03c3047b06842d92b511f333224 |
| SHA1 | cf2ef54f13e759d30590305595a5c49c3c269d0c |
| SHA256 | f69e3359fb1a5178691aba9a39862c14d228bb0ff44fbac761dc5469d6ba4a53 |
| SHA512 | 0e843cba93efbcd8806334c1a334368b51e4e822b03e21e3e41b1c3cbcba728a8493ab41038139324767a10f0528f5ba5a6baf3d177edc0d34f38bcbae720503 |
C:\Users\39rw8rOkT.README.txt
| MD5 | 7a01fa5b8b6633c141763bf236f43623 |
| SHA1 | a8f88ad57233b37605e2d7aa123739d9f057c4ef |
| SHA256 | 76cdc66179c5972dafe17b337005f3e0ff3c60419fe0dc73b129c65cefafeb3d |
| SHA512 | f1608a22805d761d7916af06eec874e9a536d0f7cf4d2596a3f1f5594ce18c02ad5aefb7ff345869baa2687374a784c7976bad05c3392727bbaefb9c5d7d9ad3 |
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\Screenshot_20220921-210706_Samsung Internet.jpg
| MD5 | e1a47de78c0b4b695c893defbc9c4ec5 |
| SHA1 | 6f813045cc7cbef112a90ceb7af5a547c7d544da |
| SHA256 | 7b067ae527cad1930c38b1387cdfa32c6ff57b30a09db93a85f7ddbd3dccf73b |
| SHA512 | f8ae435e6089c2ec4faff51b06d86cdbb03ee2ebc3e1f3c3bb7e6eafc073ad5e6612e9488a1a79d8880f78c3e9ef5db93d99f08ec271b75d67ceb67a78d88491 |
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\config.json
| MD5 | 6da2be68250d08762e967ac7365fd053 |
| SHA1 | 22bba04927951db9f0152d8d4f3376fdcb4b64be |
| SHA256 | 7cb3b13d5be451cce31d61936d0b4d420f37e61b05edefeb1806366e8527ce4b |
| SHA512 | 73624fbbf15dca85ceaed2e9ff346558f35cb347280c35ab98192314a9625cefd24c70be22b5217c0a3a1b72ba28367be762e30f86b747d85bee90abc412d887 |
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\Password_exe.txt
| MD5 | 51c137a112527afc7bdc375b3f3da3e3 |
| SHA1 | d90cad116bf2519ecf26d0e350ad083a0220ee71 |
| SHA256 | 204137ad9c040b8e6005e6ae6536dfa52c1cdea3d721f50c2dc5dc5976b4d866 |
| SHA512 | 968268a6ded501bbd88abfded4697ffad193097bc95a433b3fadda0c22c2e1192f581b9017d87b3ceafa9b25169f8745f81ee4598159ed9566d9316c01cdfc62 |
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\Password_dll.txt
| MD5 | 2f781fd45dc720d5d2de62e0254df181 |
| SHA1 | aa15f45c76c27d9351501911243d4ff7f9249dcf |
| SHA256 | 17f3c3dc23cb224bfff8af8f95c8879766da6adbdc207e481b3af7ba02b6a742 |
| SHA512 | cf4df044297d7be80ce88fc62d2ddd612f3684c308a0a14c66c446969de6f8fe96d4a97c9abdd38ca902162d0dd9eeaa2dcebb0df91db7e868514216ebb7c434 |
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\DECRYPTION_ID.txt
| MD5 | c2b7a8360b062df21b863f137ceee7ed |
| SHA1 | 7d7bcf546a935b211ca37e8b73b2356097cd36ba |
| SHA256 | 72cd6ff9f047885ccd043ce4c7905ffd692a7ed601b1a39431d45634527b5126 |
| SHA512 | 8246ad7bff35f17aacd0af23c8d9f2886031be93609039451e2b694131a2eaadd2b37994f6b6a9755d9d3ae7d848a0387991ea32cefcc153ab9598f482fbe749 |
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\Screenshot_20220921-211415_Twitter.jpg
| MD5 | 309f63bc7966e9530ac09a8ce5affe2b |
| SHA1 | cf907a291fe4134726a4706ee3d18a517673296e |
| SHA256 | b08e86aafbe108ee74fddb76ebaac9b9bc08f60ef63e5d8e93fdba7852499984 |
| SHA512 | 70be31963bf12eda55fe96e1260a4e4cdc972319f668b1b8f2dbdadd95b528ca15c0e694b6b92a8b8cc7a27773b55c1a2b22dec558bac45a9adda6fc6538d7be |
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\Screenshot_20220921-210644_Samsung Internet.jpg
| MD5 | 056e4f54e2d27571775a9ba3f196085c |
| SHA1 | 96328ba497cfffe611eb8d9bf85ba1778bd2fb4b |
| SHA256 | df8ce933b5c130fe98da14dc98926d372ca93064307cd984a8e98c84c236f9f8 |
| SHA512 | aeae05e4ffa57d89f78ca9115814c704a3fd95b8c9ca94d54fb002e18eff8775187d20e1cc71fa261f4fe37a6d3f796f91ac02f060077f8ca3d04bfccd440357 |
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\Screenshot_20220921-210605_Samsung Internet.jpg
| MD5 | 9451dc57e1e4c1a9d9df63e405778082 |
| SHA1 | 6d903d672fb2eb620c688c480cf67000a281e4e1 |
| SHA256 | 274a01ae546137572911b2c6916e42a8530a149c2e1e6051348ee4163249ef5e |
| SHA512 | dd535823b5b878f000c8dfa6b5e2d833d6eae4c9e1f2724da42d0aee884754b428cbcf4fab6983ebbacb5a938d765f0a7995511d00f52039729794437e141678 |
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\README.md
| MD5 | 6523e6a1f016ae4a4e5136744e05b48b |
| SHA1 | 61ef042d5fbea5de9af78674e4ca972f5c34d684 |
| SHA256 | 69386d08af0fd81ac662762a50a78a01adf9eb9fd120c13f57aa75667711329d |
| SHA512 | 0925605a6391917db6941c8713f88d44926678c05e8cb3b2778ec292a477ac6a7ce9f4fd65f995c70e2c9f2638794304748918fe596e5f0b926c2917fa0c0428 |
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LICENSE
| MD5 | 2dad0d1ee860cf1e02c2d99d94e6511a |
| SHA1 | 48af23aabf9e3cf440e28bce3891d8343d3e48e2 |
| SHA256 | 05d7cb048338b756e14f1abdade0378f39bf5dbc11f397724c33bd9d473197a6 |
| SHA512 | c0d1d64a27f7a894e788727b9222fb0c10cdd8c37b4c5ad8ec78716e19a698722462f3ef8efc7d61b0360f12a0f022147b7c4ee8c79031a51d79e00d20239f60 |
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\CC9FCD28-984A-4582-ADEB-929A010AE91B.png
| MD5 | 76483fb410b6e64c760fbf2cd7d92e33 |
| SHA1 | 2df21d099c97534deef5a120ed6b210c9c23102e |
| SHA256 | f6a7afa8b45645889f05314b6b79192686b916263e0025904eb9ff9c1534ee9b |
| SHA512 | bdae8ea91293cd8fc87fc9ec16857c33ccb863d297abc8757780c9c21060c1572d2bbb654de2f321e606851c1c29ebe53fdbf9181453dfdabbdae55ed7cacc83 |
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\B318F37E-49C8-4F61-B0F3-6FC2A76E39C9.jpeg
| MD5 | dc7c7377aab2e06980c69f95726deeec |
| SHA1 | 99d538be4665cfcc0f70e094943633bac4ee7ce6 |
| SHA256 | dd2b132e335fb14e7369b925ea1790ef24bde5adb3b8e552f9d2248fb5ecf89d |
| SHA512 | a58e339204c6736f7cf146f151ea7ba68a288295f3a22f2422d218d0ecd68e792f0073f2a1cf366a1d2064085321935631049709c16907fdc997c531d7b97202 |
memory/2928-2986-0x00007FFCB7890000-0x00007FFCB78A0000-memory.dmp
memory/2928-2988-0x00007FFCB7890000-0x00007FFCB78A0000-memory.dmp
memory/2928-2987-0x00007FFCB7890000-0x00007FFCB78A0000-memory.dmp
memory/2928-2989-0x00007FFCB7890000-0x00007FFCB78A0000-memory.dmp
memory/2928-2990-0x00007FFCB7890000-0x00007FFCB78A0000-memory.dmp
memory/2928-2993-0x00007FFCB5380000-0x00007FFCB5390000-memory.dmp
memory/2928-2994-0x00007FFCB5380000-0x00007FFCB5390000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\{C65C29AE-9061-40F6-972D-5E73448BB863}
| MD5 | a612007ba09d9a68eee1fc0a97c3c68d |
| SHA1 | 08ed934de5cf427c35d605a5042c2325a9d60da1 |
| SHA256 | d4032e67000f40e1847f4ac6613573e82ea06fce71aab7df95f04d231c5f4042 |
| SHA512 | 9fe7762a94f00671cfc905c9b4a72a7beeb9eca9e8420fd2b49258bd1b499be2b0f59af66ba25229aeeed26e1f5cb4ca7e55d8f138f048bb4b26d9feaf2b8f9f |
C:\Users\Admin\Documents\OneNote Notebooks\My Notebook\Open Notebook.onetoc2
| MD5 | 0949d34f0fe32bd17c0610b7d9cce886 |
| SHA1 | 6c6009dfa6f35ae957523b1be3d9a0ef2b026d7c |
| SHA256 | a4ed3fd6c69502133e86749b9be118151ceb2ddc005f3cdbab06140bf9f2c6e7 |
| SHA512 | ba711cbb86cc09647ea80b0f8219bf86a516ba7e995d842c199a45c77c3661784e54f24b0b9ca2cf3089e19d19c27d3ffc1c89eaf7c2b63a43f8486f275114aa |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm
| MD5 | b7c14ec6110fa820ca6b65f5aec85911 |
| SHA1 | 608eeb7488042453c9ca40f7e1398fc1a270f3f4 |
| SHA256 | fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb |
| SHA512 | d8d75760f29b1e27ac9430bc4f4ffcec39f1590be5aef2bfb5a535850302e067c288ef59cf3b2c5751009a22a6957733f9f80fa18f2b0d33d90c068a3f08f3b0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite
| MD5 | a48532ebe5aacbf29cd619709f5d9aa3 |
| SHA1 | 3bf8e40a26a21809a967d7d80381d08bec235c72 |
| SHA256 | 221dd06532dbd45ecc72cfc689e67aef51a3c4d501702c6617cbaa54d7c1096e |
| SHA512 | 4d4af9db3d5c7fbdae5e50816b0468dd4e6086b05c0e02736f95be7b9cb8973c9746cc0503389f26a8bf854fdc18da40d027368012313aa32fe07a4410d78f8f |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\Settings\settings.dat
| MD5 | a8308d2f3dde0745e8b678bf69a2ecd0 |
| SHA1 | c0ee6155b9b6913c69678f323e2eabfd377c479a |
| SHA256 | 7fbb3e503ed8a4a8e5d5fab601883cbb31d2e06d6b598460e570fb7a763ee555 |
| SHA512 | 9a86d28d40efc655390fea3b78396415ea1b915a1a0ec49bd67073825cfea1a8d94723277186e791614804a5ea2c12f97ac31fad2bf0d91e8e035bde2d026893 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656242963023.txt
| MD5 | d47bbfe6b8e407f307e33a7dc7b943a2 |
| SHA1 | 8b99bbac3ee65665a29afd17da6c7f86d2127090 |
| SHA256 | 74e9c18d87fb6a7b92532368e0fa74c776e6f3208c7a16561bf283c4084633e5 |
| SHA512 | 971336b5173d3ea271a498b9b5548d55708190bb641d258584b332aeaff3ce23ef76ac110e240de6af5fdbae89d14f4225f1ba7ab35542a3e2e4ac5a2e128011 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727657999741523.txt
| MD5 | 8f3954dbcd8e09cd23b0c32138bb9e0b |
| SHA1 | 5e5526529884943e3cc107cc74e8969e8eb0ff77 |
| SHA256 | 08577b0c116d5fffe3b75d60c17f6f079f0945045126ff51ee4200c44d274346 |
| SHA512 | e44900cce91f61e8b07af2b5fc6d31949521b4f5adf3eddf024b1d89387f7fb79ee70cd900e3da0ca44b258bb248fe6db8dfef38008faf57b373f2c833ebffa3 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727664301340404.txt
| MD5 | 45f5e32d526230a0a91c803d040880ad |
| SHA1 | dc6d20324ac7f9f7c813b85bb895c9ed3f72bd3c |
| SHA256 | 94e414deb8664f125e96af25d50ffc6dcb9ebe556a8113cdadb09e7c8c0a290f |
| SHA512 | 7b2cd12e8129f8c63265c09fa93e333abc8a0d7b38cb6957f9719cc16ff38d1d6d3f5b728a6ddfebecd2f12957a9ef54bdf6607efcc868f7a7e92cdd44668d74 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727696966675373.txt
| MD5 | 1cf826e1f0fcdef2dc09a6bf466c2465 |
| SHA1 | 883a36edda80650e851cbcf6bcb23d1aaf241f72 |
| SHA256 | 68ff6b8f2b805872a802ff83ba71860fe84a86a58f7c33c41657194d3685847d |
| SHA512 | c4a6a152a764d5177bd76c20acc32ff68c3746bebdd0b2cea21f3d58c75479b3a4fa593d83874a8b67d0e9f9a85285cf8bb6a1f2c750206039bcee7ddca402e4 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{A5E73466-E220-8EF4-B956-A582187356D9}
| MD5 | 8aaad0f4eb7d3c65f81c6e6b496ba889 |
| SHA1 | 231237a501b9433c292991e4ec200b25c1589050 |
| SHA256 | 813c66ce7dec4cff9c55fb6f809eab909421e37f69ff30e4acaa502365a32bd1 |
| SHA512 | 1a83ce732dc47853bf6e8f4249054f41b0dea8505cda73433b37dfa16114f27bfed3b4b3ba580aa9d53c3dcc8d48bf571a45f7c0468e6a0f2a227a7e59e17d62 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_comexp_msc
| MD5 | eab75a01498a0489b0c35e8b7d0036e5 |
| SHA1 | fd80fe2630e0443d1a1cef2bdb21257f3a162f86 |
| SHA256 | fdf01d2265452465fcbed01f1fdd994d8cbb41a40bbb1988166604c5450ead47 |
| SHA512 | 2ec6c4f34dcf00b6588b536f15e3fe4d98a0b663c8d2a2df06aa7cface88e072e2c2b1b9aaf4dc5a17b29023a85297f1a007ff60b5d6d0c65d1546bf0e12dd45 |
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\Screenshot_20220921-210706_Samsung Internet.jpg
| MD5 | adb620535f83ea329f9790dfb31f8337 |
| SHA1 | 39c58dbefaf13a422ca986ccaf3607d8253d934f |
| SHA256 | 0deb73fb0e7c1511f5ab36a2fe0ee3f93968fa1f555ced9e7a7ee905bff513d4 |
| SHA512 | 0210a0e5b55697f52b67ade9f256b85bf2c09c8bc6574260a967c6710db4e936bcb6879fed22e0eb8f93b5af617d50c71e21a7d99a9b3275c6e2980dfbe35c97 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_MdSched_exe
| MD5 | 2bd136eb4cb4539c66599b66221dbbba |
| SHA1 | 22532c9b312cce5d6e593955b795cb2ba2857124 |
| SHA256 | aec7c44a6c41813e7a0df059f38d60c3a4fbe51683d3f9d17e8daf67c0a5c8e6 |
| SHA512 | 22ef6a2565c30912f65e7b6f5e53981d514f3881e457dd7761bb4e7e286f22bba5e3ce6d0a2f7c02971d801a4e999e0d6ca4aa6b7bb935249cc947e2b3d2766a |
C:\Users\Admin\AppData\Local\Comms\UnistoreDB\USSres00001.jrs
| MD5 | d1dd210d6b1312cb342b56d02bd5e651 |
| SHA1 | 1e5f8def40bb0cb0f7156b9c2bab9efb49cfb699 |
| SHA256 | bbd05cf6097ac9b1f89ea29d2542c1b7b67ee46848393895f5a9e43fa1f621e5 |
| SHA512 | 37a33d86aa47380aa21b17b41dfc8d04f464de7e71820900397436d0916e91b353f184cefe0ad16ae7902f0128aae786d78f14b58beee0c46d583cf1bfd557b8 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\42vejdix.default-release\cache2\entries\DED23BB33EA3C88FAD1C0A1CD53916E0D8C424D3
| MD5 | f5fc79bb3cbf854f9a5169170478714d |
| SHA1 | f5748e2e1825f8196fc1c6f78435ff85460ed5a0 |
| SHA256 | ed8e92ae9653f534ae6f26672d9a02871837e1dfed899a707191ce0a6dd84eaf |
| SHA512 | 2099bf934c8ac27f0ee35e697d37c9015f2a1428dc8e4fffbf51925501220c7796203a158c267dfca3c07a04e9c0c8201d71d1c8cd71a1ce9185dc72e700f3c5 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}_odbcad32_exe
| MD5 | 6f0d8710c462b5955d9d16745bdb1bfd |
| SHA1 | ed0545934a28799ef27dddcc0439d05dc40c47ac |
| SHA256 | 342f29784a85f25ec119d85e39267ec57a4c803fbc099f6c5ceb7761f8896cfd |
| SHA512 | 404085314a3cf37e8e66aecd314d63ea9711d05c1ecb714d531126e61b7bb9929e59e4a42cb736ddade1ac416d76477881d18b428bfd603fede3e9eeb7b6f8cb |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_VideoLAN_VLC_Documentation_url
| MD5 | bad093419be1135cfe9694ea77088c78 |
| SHA1 | 76204c7ca72cf666add9c9931389d635c82e8af0 |
| SHA256 | 136808af50ee73df9befd76f7aca21765782565b0095227c5a287f3be0b5ef3c |
| SHA512 | 3b5cb7f80d7cbc557b5a32a995cd607257ac8e56af935ce6f64c54ba1f311a65ef00c69c69047b6eb7bb678c2b1bc0a3c37548aef417ea49e414e1a34bcf651d |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_quickassist_exe
| MD5 | 53397b08309ff534a07d24635ba224ca |
| SHA1 | acb7765998078026e0b6ffbe57e72d8d454bc54c |
| SHA256 | 5c62803659067e9c56afca377104d8f187d0393f629ecd6863fb165cff588ad0 |
| SHA512 | bdfd047f5678f72e612875b69f1944b9afd94cc6b61740ff32380a22e37b9b86ca59efe52b7a58358c15f75ae7c04221a48060d1c0f338cf40c156f9187501d1 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{C804BBA7-FA5F-CBF7-8B55-2096E5F972CB}
| MD5 | 9f1ff11e31c55a87372e85612ca3c290 |
| SHA1 | c94dc58d7e8f070d3eeff5bc8ecb3a2d7008323d |
| SHA256 | 0c650065d284a6a0f6a17ce2250214b40219b7082e940689a2cd2948162fd893 |
| SHA512 | dd490e167b4455aace73dda6d9ec6b90aee5e5994701c249a44d316b17c3f8a8f5e776e9ecb6d751dfbed8e74743a3f13d95edbbf3b09998e148bfcba1ef721f |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{30BD9A02-CB9A-93FD-A859-09C8803F2346}
| MD5 | 8ab0ccfe101f2a223bf9fc11f910ec64 |
| SHA1 | 86a7cf51b399bb786896fb77f59ee8b4844f5afe |
| SHA256 | 8cc15be591c4f70f964d3554be30283f925747d09eb71692bf40b8125e2bb68a |
| SHA512 | b862068ea8bdb828186c2bc693b1e99d622a48a82eea13886090c44e17d132ad1a96bae4a96214d9a8abeb22f7c85f4ef25a000cc1bf977fd43e67bf1064a61e |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{48c84a80-4c5e-4d92-97dc-bee40633ef00}\Apps.index
| MD5 | 82567e8ca3687595bdb0b6558c60356e |
| SHA1 | 82f44b4f71364399af348ede9272d0f2f4d3b3d0 |
| SHA256 | 7fc80e49f43c07f83ec431f37a0b5b2461f21c5e22a7e83ae799533e065715a3 |
| SHA512 | f5d50385a24bdaf4a524289f0c89bdefa683c90527e1729e70079bd08b0786cb292bb5b6c531cb596914f489275180bbabf446700824bbd7e14ef647a3b6decc |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{b90a2f0c-d671-4477-84b7-77c4d78e34ba}\0.2.filtertrie.intermediate.txt
| MD5 | c204e9faaf8565ad333828beff2d786e |
| SHA1 | 7d23864f5e2a12c1a5f93b555d2d3e7c8f78eec1 |
| SHA256 | d65b6a3bf11a27a1ced1f7e98082246e40cf01289fd47fe4a5ed46c221f2f73f |
| SHA512 | e72f4f79a4ae2e5e40a41b322bc0408a6dec282f90e01e0a8aaedf9fb9d6f04a60f45a844595727539c1643328e9c1b989b90785271cc30a6550bbda6b1909f8 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{b90a2f0c-d671-4477-84b7-77c4d78e34ba}\0.1.filtertrie.intermediate.txt
| MD5 | 34bd1dfb9f72cf4f86e6df6da0a9e49a |
| SHA1 | 5f96d66f33c81c0b10df2128d3860e3cb7e89563 |
| SHA256 | 8e1e6a3d56796a245d0c7b0849548932fee803bbdb03f6e289495830e017f14c |
| SHA512 | e3787de7c4bc70ca62234d9a4cdc6bd665bffa66debe3851ee3e8e49e7498b9f1cbc01294bf5e9f75de13fb78d05879e82fa4b89ee45623fe5bf7ac7e48eda96 |
C:\Users\Admin\AppData\Local\Temp\wct3B4.tmp
| MD5 | e516a60bc980095e8d156b1a99ab5eee |
| SHA1 | 238e243ffc12d4e012fd020c9822703109b987f6 |
| SHA256 | 543796a1b343b4ebc0285d89cb8eb70667ac7b513da37495e38003704e9d88d7 |
| SHA512 | 9b51e99ba20e9da56d1acc24a1cf9f9c9dbdeb742bec034e0ff2bc179a60f4aff249f40344f9ddd43229dcdefa1041940f65afb336d46c175ffeff725c638d58 |
C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1
| MD5 | e8e0483c1fb791eb9451839273cee4ac |
| SHA1 | 05ee3c57d07a548b95fd3005c2e7ff5fcbe9067a |
| SHA256 | fcdded4b86c9dbfe1cf537d6aa7d185e994d1b2d92a3132262c15d8da662eab2 |
| SHA512 | 95e378a48fa52e787ad9a58c4261ce81f5320c64e109585601315c207fa3c390b7fffc6d394173daba74622c21f685f3af8cf8e2f46fe5edbda8dd9d3934e5cc |
C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Background Tasks Profiles\r0fco2xy.MozillaBackgroundTask-308046B0AF4A39CB-defaultagent\compatibility.ini
| MD5 | cc26e3da3f8a18ab0edaa8ba362f9efb |
| SHA1 | 4141308059d17d5d2d075bbbbd93450e2e1d1844 |
| SHA256 | c17ced564ba3438bd8fa8ca7d3c94897882692fa8676b4ea6bf4e260e971dedb |
| SHA512 | a5d1c757788a1b38e2f96cbd814961402bbf0a690b86ccf2a7793aab22e51dc4b5d3a2e18ec6a79fd15126955200b56f12f189e924cd0f6ccaeebb4bb5f9ae34 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\sessionstore-backups\upgrade.jsonlz4-20240401114208
| MD5 | f72be0e6bb0eb0ce8493a04f0c9975e6 |
| SHA1 | d81e6318e4e7d7bd6594d2597dcfe984bd5d6e98 |
| SHA256 | 550f090f8e5b5bc120d0e2d47b2ebf70e3dad3d205871ac6be70198f9c80a626 |
| SHA512 | 1339c6e897865feac0a8a242b82077d5647d4b56c023e14526cec89c25fd24e043cab5bce291c32d654f5fc1d867715282fe86764593ebdfe94c519aff5b2184 |
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\Password_dll.txt
| MD5 | 7eb31ad3eb78323a3e46851dbe0cc3da |
| SHA1 | 3fc122fb34ba75b6662ff2e1f79be79f19f6e95f |
| SHA256 | 60f00b22305372a4373193678fa43b2d5b995d6506adeac97f44b617921c5ea3 |
| SHA512 | 89d2832276f0f5adba69322643e7504e7a3d51774212ce695254a7083ff21a04bbc769832726f2a2dfb8bc7898ebba80643df114fdebc7cc6372726fc890d572 |
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\LockBit3Builder\Build\DECRYPTION_ID.txt
| MD5 | 66fada8fcdaf1a5028f654e9eb557f53 |
| SHA1 | 3cacba05f54399b9909c9f84412c0ac8e9dc537c |
| SHA256 | d5d9b4cf26c57c01e1f75d3888acf1d0be760f0e77cff8268741f515bdc09b8b |
| SHA512 | 3cc21e9cfd48eb4f1fbe8f26cfb66afb0e8122c29e9d861d9ea34b3e87ed6d2f5939b8edc618072597b23e39fe2376998baa91d5572bafce8118133233a5302e |
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\Screenshot_20220921-211415_Twitter.jpg
| MD5 | f6e98cba9e2277b190a9d18c55495196 |
| SHA1 | f390ad5bb33eab543af9802ac13ef3b5d49f585f |
| SHA256 | f881b9272cbd1e52e0158e8d6c1e7af1558315aea0bff5b98ed81b014d62c352 |
| SHA512 | 79fc0724964a63be5e81dabf13259a18f4922694f02e1ff9d8c7f54aa8e050d801480d088acadddaaaab6233955cd342f0578afddeafd26c161ec4cab41fd9ff |
C:\vcredist2010_x64.log.html
| MD5 | c3b14d16192deee588b237ff2a5f0b8b |
| SHA1 | f093b588339e3f6694faf8b7107872b011250c38 |
| SHA256 | 8cc72c90993dbf5f92b6e6d384e39896a367aff007d3c9c98ab51da708ee590c |
| SHA512 | c840d2fc21ef6519261d4b4bc7e2c625d44003de1a5db5d35583bae4abe0787ce59299585bd6f11058221064e68a7fbdc1ab285c8b70f01db7df5b684568d87e |
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\Screenshot_20220921-210644_Samsung Internet.jpg
| MD5 | 383d1f69b96175daed83e60eff175cf2 |
| SHA1 | 4d2a298788d0e23e5e11c6b294d74d95347001d9 |
| SHA256 | d0da3597686addc2f33e36db25fe4ce1e904d37b3ad20b7f4a207d1e4073c26c |
| SHA512 | dbc104476fafdceeabe8efcf5cef0e866434f868ce725ac22d33e6d6089d8730d4a21410734c3913d39947bff37579a78f11c9501eeb07cb12a27fd366fe5929 |
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\Screenshot_20220921-210605_Samsung Internet.jpg
| MD5 | 32efeaa214d2f3c0a64e215080b15f46 |
| SHA1 | 9892ccbe6767d879f87ea7307da3ecab27ae96cc |
| SHA256 | 947a686fb4bbdf6d4bd82abe7442653d107549cb8e70640665950857942822c8 |
| SHA512 | e1a166eae8a82b9dc13124959c588e8bdb6b74504cf1d109b66d205c8ef6a6ec3b2e6a56c390089c4d48221d9999f48b1db3b8ebb2a9f811b321dd64a30c7787 |
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\README.md
| MD5 | 921b32ec9708d96cc9f3a1c8f7be75ff |
| SHA1 | 3b8b6937c31b43ea425ef57ff8e6a0a80af17748 |
| SHA256 | a93397526208432c3ab6f1bda8983defdbafa0b42b2904b3fddf2a155f1973d1 |
| SHA512 | 97a2b42fc7b111a70849f1d28ce6c78f14c83a4610d90a72874e49989db495b8c6ac14c4185fb3ce87869cd8f84054743cc227a7218d83a34c86d8468ffb98ef |
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\CC9FCD28-984A-4582-ADEB-929A010AE91B.png
| MD5 | 0d8f94ce55e00ea76780562a7b37eaa6 |
| SHA1 | f42e9722ddfadbdecf88eba77054504464895a2a |
| SHA256 | a9d23d9d6e31e3be0d6c3cb0c11b2b2de89a049e5e40c1315be9c95e5f91bc67 |
| SHA512 | b8379a826b25a38d1d460d36ef48c7367f2d67a2fd4a7bae49698eae376c7f389a891ce0c0375622f80ff72fa2d7d1eabffaba8a827756110a1cd3177c47f3f8 |
C:\Users\Admin\Desktop\LockBit-Black-Builder-main\B318F37E-49C8-4F61-B0F3-6FC2A76E39C9.jpeg
| MD5 | f2430f96603ba2513df0987af8e5ab65 |
| SHA1 | 4d8c47d649c753b1b629825cfc13f0d6a87a8586 |
| SHA256 | 2e0ca7909d2843b8c3ab104a205cb3eabdb1da9d772271218a77efa0e91947bd |
| SHA512 | 25909ed72bf87b3c5edef0e74602837b192b36df279c2bd74867f494835508f98ff3940b5de013e7c8c1dd1201a0f07d2fb1b479b2dfcc2f81caedc10e593949 |