blackmatter | hxxps://github[.]com/Tennessene/LockBit

Analysis

max time kernel
57s
max time network
63s
platform
windows11-21h2_x64
resource
win11-20250217-en
resource tags

arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
submitted
27/02/2025, 23:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Tennessene/LockBit

Score

10^/10

blackmatter lockbit discovery ransomware

Malware Config

Extracted

Family

blackmatter

Version

25.239

Signatures

BlackMatter Ransomware
BlackMatter ransomware group claims to be Darkside and REvil succesor.
ransomware blackmatter
Blackmatter family
blackmatter
Lockbit
Ransomware family with multiple variants released since late 2019.
ransomware lockbit
Lockbit family
lockbit

Rule to detect Lockbit 3.0 ransomware Windows payload 1 IoCs

resource	yara_rule
behavioral1/files/0x001c00000002b052-319.dat	family_lockbit

Executes dropped EXE 11 IoCs

pid	Process
3536	keygen.exe
1996	builder.exe
248	builder.exe
4348	builder.exe
3960	builder.exe
1916	builder.exe
5024	builder.exe
2728	keygen.exe
696	keygen.exe
4824	builder.exe
4844	builder.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	keygen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	keygen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\LockBit-main.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3240	msedge.exe
3240	msedge.exe
4512	msedge.exe
4512	msedge.exe
2580	msedge.exe
2580	msedge.exe
4204	msedge.exe
4204	msedge.exe
4796	identity_helper.exe
4796	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	3712	7zG.exe
Token: 35	3712	7zG.exe
Token: SeSecurityPrivilege	3712	7zG.exe
Token: SeSecurityPrivilege	3712	7zG.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
3712	7zG.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4512 wrote to memory of 2904	4512	msedge.exe	81
PID 4512 wrote to memory of 2904	4512	msedge.exe	81
PID 4512 wrote to memory of 3956	4512	msedge.exe	82
PID 4512 wrote to memory of 3956	4512	msedge.exe	82
PID 4512 wrote to memory of 3956	4512	msedge.exe	82
PID 4512 wrote to memory of 3956	4512	msedge.exe	82
PID 4512 wrote to memory of 3956	4512	msedge.exe	82
PID 4512 wrote to memory of 3956	4512	msedge.exe	82
PID 4512 wrote to memory of 3956	4512	msedge.exe	82
PID 4512 wrote to memory of 3956	4512	msedge.exe	82
PID 4512 wrote to memory of 3956	4512	msedge.exe	82
PID 4512 wrote to memory of 3956	4512	msedge.exe	82
PID 4512 wrote to memory of 3956	4512	msedge.exe	82
PID 4512 wrote to memory of 3956	4512	msedge.exe	82
PID 4512 wrote to memory of 3956	4512	msedge.exe	82
PID 4512 wrote to memory of 3956	4512	msedge.exe	82
PID 4512 wrote to memory of 3956	4512	msedge.exe	82
PID 4512 wrote to memory of 3956	4512	msedge.exe	82
PID 4512 wrote to memory of 3956	4512	msedge.exe	82
PID 4512 wrote to memory of 3956	4512	msedge.exe	82
PID 4512 wrote to memory of 3956	4512	msedge.exe	82
PID 4512 wrote to memory of 3956	4512	msedge.exe	82
PID 4512 wrote to memory of 3956	4512	msedge.exe	82
PID 4512 wrote to memory of 3956	4512	msedge.exe	82
PID 4512 wrote to memory of 3956	4512	msedge.exe	82
PID 4512 wrote to memory of 3956	4512	msedge.exe	82
PID 4512 wrote to memory of 3956	4512	msedge.exe	82
PID 4512 wrote to memory of 3956	4512	msedge.exe	82
PID 4512 wrote to memory of 3956	4512	msedge.exe	82
PID 4512 wrote to memory of 3956	4512	msedge.exe	82
PID 4512 wrote to memory of 3956	4512	msedge.exe	82
PID 4512 wrote to memory of 3956	4512	msedge.exe	82
PID 4512 wrote to memory of 3956	4512	msedge.exe	82
PID 4512 wrote to memory of 3956	4512	msedge.exe	82
PID 4512 wrote to memory of 3956	4512	msedge.exe	82
PID 4512 wrote to memory of 3956	4512	msedge.exe	82
PID 4512 wrote to memory of 3956	4512	msedge.exe	82
PID 4512 wrote to memory of 3956	4512	msedge.exe	82
PID 4512 wrote to memory of 3956	4512	msedge.exe	82
PID 4512 wrote to memory of 3956	4512	msedge.exe	82
PID 4512 wrote to memory of 3956	4512	msedge.exe	82
PID 4512 wrote to memory of 3956	4512	msedge.exe	82
PID 4512 wrote to memory of 3240	4512	msedge.exe	83
PID 4512 wrote to memory of 3240	4512	msedge.exe	83
PID 4512 wrote to memory of 3428	4512	msedge.exe	84
PID 4512 wrote to memory of 3428	4512	msedge.exe	84
PID 4512 wrote to memory of 3428	4512	msedge.exe	84
PID 4512 wrote to memory of 3428	4512	msedge.exe	84
PID 4512 wrote to memory of 3428	4512	msedge.exe	84
PID 4512 wrote to memory of 3428	4512	msedge.exe	84
PID 4512 wrote to memory of 3428	4512	msedge.exe	84
PID 4512 wrote to memory of 3428	4512	msedge.exe	84
PID 4512 wrote to memory of 3428	4512	msedge.exe	84
PID 4512 wrote to memory of 3428	4512	msedge.exe	84
PID 4512 wrote to memory of 3428	4512	msedge.exe	84
PID 4512 wrote to memory of 3428	4512	msedge.exe	84
PID 4512 wrote to memory of 3428	4512	msedge.exe	84
PID 4512 wrote to memory of 3428	4512	msedge.exe	84
PID 4512 wrote to memory of 3428	4512	msedge.exe	84
PID 4512 wrote to memory of 3428	4512	msedge.exe	84
PID 4512 wrote to memory of 3428	4512	msedge.exe	84
PID 4512 wrote to memory of 3428	4512	msedge.exe	84
PID 4512 wrote to memory of 3428	4512	msedge.exe	84
PID 4512 wrote to memory of 3428	4512	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Tennessene/LockBit
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc041f3cb8,0x7ffc041f3cc8,0x7ffc041f3cd8
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1780,13386119865019637053,6177162241666851361,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1780,13386119865019637053,6177162241666851361,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1780,13386119865019637053,6177162241666851361,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,13386119865019637053,6177162241666851361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,13386119865019637053,6177162241666851361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1780,13386119865019637053,6177162241666851361,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,13386119865019637053,6177162241666851361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1780,13386119865019637053,6177162241666851361,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5888 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1780,13386119865019637053,6177162241666851361,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6152 /prefetch:8
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1780,13386119865019637053,6177162241666851361,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6152 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4796

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4720

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2184

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\LockBit-main\" -spe -an -ai#7zMap815:86:7zEvent6486
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3712

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\LockBit-main\Build.bat" "
1⤵
PID:4836
- C:\Users\Admin\Downloads\LockBit-main\keygen.exe
  keygen -path Build -pubkey pub.key -privkey priv.key
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3536
- C:\Users\Admin\Downloads\LockBit-main\builder.exe
  builder -type dec -privkey Build\priv.key -config config.json -ofile Build\LB3Decryptor.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1996
- C:\Users\Admin\Downloads\LockBit-main\builder.exe
  builder -type enc -exe -pubkey Build\pub.key -config config.json -ofile Build\LB3.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:248
- C:\Users\Admin\Downloads\LockBit-main\builder.exe
  builder -type enc -exe -pass -pubkey Build\pub.key -config config.json -ofile Build\LB3_pass.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4348
- C:\Users\Admin\Downloads\LockBit-main\builder.exe
  builder -type enc -dll -pubkey Build\pub.key -config config.json -ofile Build\LB3_Rundll32.dll
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3960
- C:\Users\Admin\Downloads\LockBit-main\builder.exe
  builder -type enc -dll -pass -pubkey Build\pub.key -config config.json -ofile Build\LB3_Rundll32_pass.dll
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1916
- C:\Users\Admin\Downloads\LockBit-main\builder.exe
  builder -type enc -ref -pubkey Build\pub.key -config config.json -ofile Build\LB3_ReflectiveDll_DllMain.dll
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5024

C:\Users\Admin\Downloads\LockBit-main\keygen.exe
"C:\Users\Admin\Downloads\LockBit-main\keygen.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2728

C:\Users\Admin\Downloads\LockBit-main\keygen.exe
"C:\Users\Admin\Downloads\LockBit-main\keygen.exe"
1⤵
- Executes dropped EXE
PID:696

C:\Users\Admin\Downloads\LockBit-main\builder.exe
"C:\Users\Admin\Downloads\LockBit-main\builder.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4824

C:\Users\Admin\Downloads\LockBit-main\builder.exe
"C:\Users\Admin\Downloads\LockBit-main\builder.exe"
1⤵
- Executes dropped EXE
PID:4844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b98903eec4d4ba62d58ef15c040a098c

SHA1
edbfd3947a194ddd1ee2e2edb465eb7a57f27cb3

SHA256
698d9fcc6775ee16a41017cf13ccd9614001c681b8a4da741a1851f1b9f48def

SHA512
ee53739c6c098c48a594768bbbbada27d9728034b85e0e67220be097007348162f257a31f0669bcd17ba142b10b110680c3b5b18f9c40b37e5fa1fe8124d27e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
afe073f7cd46dc621114e4f8757336cc

SHA1
2063f15f773ff434b375a1fe4c593bc91b31f2e0

SHA256
e54fed17731c51a64a17e37dc2511159e55b308f0a67939477494c15166ebffd

SHA512
bfe0b1bb10d93def5ed5104e8aac1d74991de2ad64042ebcb35ad43e3dc3bfdb47d126a3c6632238e68c8e227187ba05f81192b50843162134222446fdb0b25f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
af6d5a1c93ac27422ec1b2969c3bde63

SHA1
9c263702d2dca9508d8e6f8920eb14c3310a2271

SHA256
077ae29fb195fc3a45ec431f87699163babc20336f5d9addb9062b3025da44b8

SHA512
97aad8d7e5cab1f27fcc10647534fb73f772e4dfd7efe521d420c5c27ece0e51484d6bd213a719ad2b0a89fbf07a86e1a5081c9b711f5ec1838fc892c9248cad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
573B

MD5
a6d346f58cbec0a6e4015327b25f1537

SHA1
750056e65a8b1c20b1a6051f5adcdf35821a6ac1

SHA256
1a715b1b5b62ef83ca8c62a18eddb3b5b6b738be2c654ab7a38cf22fdc8bea56

SHA512
74e563217a28cd6427739731f51ba2e35ee060c8ae6959d458d06a0416e17ffc6a49f8d0bbcb8d17cef144a45c36eb9f3b92305389ab0cfc5043f530d9f28d89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
58f02d6f25e0a5da70c57430d99ce04f

SHA1
b54692981dabb32e3eed9d44e23bd6a214064896

SHA256
47d3be7015db80565a13e4508b3258e9df169e8df3250d24cafecc33aad80258

SHA512
066027856ee3022c03daee0f50d9eb7e2bff398c53b9dbdbd917a5faa12bb1d5916ccbb9ddcf5eb902c71906fb56dc250e118c49fbd62260efe600f0f6c85dfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9f146117aeaad4729f2a356edd1e8538

SHA1
38c62f301421f41d159f12b0bc9380a644833c97

SHA256
b12d3e2df5c855f3cd834be3b854d9510b55bde02f67a9a277bbaf474d75aad3

SHA512
154933690616258cc82379903fe18d3162659c1e5e0dd06283c96804c08d7c0decfe1130c1088ef9be689d60d81f3dd9a6d6feadb7995587be6aeb58a89ec88f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8948e5bc0d29c0362d7d53394bbade3a

SHA1
56a9e585eb93bbc73b865219888857f454d0fdc2

SHA256
b8b45e380604ad733245cd5e993abae1c5feaf0a276f5cfb5488166c0b97cc4b

SHA512
f2a7d2f1d61f0b2685441fec45daff82f2067076fddb4c49f01a71cb84cc6d584d5277505e83e64f8570ebc7a0136c80b39d92f94122545e38a5651b3a123e91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7a9cce55a016fcdc30b0acb423ee6151

SHA1
f2dbc5743436f0420d4929023d54bef7129e2bc7

SHA256
b7ec3814b75c3758ecf28b88b7dbd864956598aac5404231a2cc9d9e1a6ca0b1

SHA512
adea8d6afc87f7820de639d6da0f1e991ab23d44ed979e7fb09828faa45794c39be4ebeb374f795d9ee35dcea3ab98559e9a98aef07f76d720e436252ab3db9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e6d22afec63888bb8651b912b11cd2d8

SHA1
56d5ac41e457fdc9b6235178730fd09a235663fb

SHA256
7a157abe65d0f74137dec11a80dfaa23e20a8da99579f6b07a4c49091e049c17

SHA512
7d22341450e762be80e1515e0b33830afefe32c27c5cc4b1b41508db090dcf1ae5f9f978ce53287a62b1ff043b3a6b0b76be21be49e5d1d98430ba7802aa8469

Download Submit
C:\Users\Admin\Downloads\LockBit-main.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\LockBit-main\Build.bat

Filesize
1KB

MD5
b8f24efd1d30aac9d360db90c8717aee

SHA1
7d31372560f81ea24db57bb18d56143251a8b266

SHA256
95df1d82137315708931f1fc3411e891cd42d1cab413d4380b479788729248ed

SHA512
14ebf7905f15983593164d1c093bb99d098daf3963f1b7a913c1a9763acb950075a0d2cceab3558cce3e7269c2a2d5dacc2b3c6c55807b0b6bda6bfad62dd032

Download Submit
C:\Users\Admin\Downloads\LockBit-main\Build\priv.key

Filesize
344B

MD5
e075b9a14a7ed9ed3e2a22b19a3724f3

SHA1
504822d7241e8cb1741def5196194d35c6e08308

SHA256
fb16c9166a779e6a10e41fb6ca21283c99e65d6ac571933a9038a44d92f61c31

SHA512
bb4ed06f44d1a279c608574400b63348c27e6229614e273bb9c13da66111ace1bd95fb62c123bdd42a9a0ae2c293245a79d0eef7b5993c438735a06763ca4d59

Download Submit
C:\Users\Admin\Downloads\LockBit-main\Build\pub.key

Filesize
344B

MD5
efbc1bacb39d9e4d7d590f58980a1ca0

SHA1
efee01618f8b5f6bfb5c7c6401bc637f5cdb000f

SHA256
e97a59af5b92b8334b6dbc7fea125b3de95beb35f723d89d0ed1cc5a54f2e5b0

SHA512
5979cadab5121930b2f727509fcf60883c2ff39aa9936dd1e239ed22b2af9045f2b45c8cded1abdd7a0bd7627c8cade6490d0a09a3e5190faadf49e001305304

Download Submit
C:\Users\Admin\Downloads\LockBit-main\builder.exe

Filesize
469KB

MD5
c2bc344f6dde0573ea9acdfb6698bf4c

SHA1
d6ae7dc2462c8c35c4a074b0a62f07cfef873c77

SHA256
a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db

SHA512
d60cf86c0267cd4e88d21768665bbb43f3048dace1e0013b2361c5bfabf2656ff6215dfb75b6932e09545473305b4f707c069721cdde317b1df1709cd9fc61c0

Download Submit
C:\Users\Admin\Downloads\LockBit-main\config.json

Filesize
8KB

MD5
de177fa08e9b2eaa378760afd53be6b2

SHA1
a18050f9e5f2412955df4b868ffb866209d2b84a

SHA256
d121f4293160e0a39cbb184c032cd45baf1372db00cd33afb0e166ac0a60ac4c

SHA512
44f4e745013eaa7d95486c91457c23fd9694f859920766f0139cf5ca9c84ff6c82d59be9675dd1a0c7b3216464c85cf732dbbdb0e641a5e47cbbf1830f4a0a8c

Download Submit
C:\Users\Admin\Downloads\LockBit-main\keygen.exe

Filesize
31KB

MD5
71c3b2f765b04d0b7ea0328f6ce0c4e2

SHA1
bf8ecb6519f16a4838ceb0a49097bcc3ef30f3c4

SHA256
ea6d4dedd8c85e4a6bb60408a0dc1d56def1f4ad4f069c730dc5431b1c23da37

SHA512
1923db134d7cee25389a07e4d48894dde7ee8f70d008cd890dd34a03b2741a54ec1555e6821755e5af8eae377ef5005e3f9afceb4681059bc1880276e9bcf035

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 791212.crdownload

Filesize
292KB

MD5
68309717a780fd8b4d1a1680874d3e12

SHA1
4cfe4f5bbd98fa7e966184e647910d675cdbda43

SHA256
707bb3b958fbf4728d8a39b043e8df083e0fce1178dac60c0d984604ec23c881

SHA512
e16de0338b1e1487803d37da66d16bc2f2644138615cbce648ae355f088912a04d1ce128a44797ff8c4dfc53c998058432052746c98c687670e4100194013149

Download Submit