Analysis Overview
Threat Level: Known bad
The file https://github.com/Tennessene/LockBit was found to be: Known bad.
Malicious Activity Summary
Blackmatter family
Lockbit family
Rule to detect Lockbit 3.0 ransomware Windows payload
Lockbit
BlackMatter Ransomware
Executes dropped EXE
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious use of SendNotifyMessage
NTFS ADS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2025-02-27 23:37
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2025-02-27 23:37
Reported: 2025-02-27 23:38
Platform: win11-20250217-en
Max time kernel: 57s
Max time network: 63s
Command Line
Signatures
BlackMatter Ransomware
Blackmatter family
Lockbit
Lockbit family
Rule to detect Lockbit 3.0 ransomware Windows payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\LockBit-main\keygen.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\LockBit-main\builder.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\LockBit-main\builder.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\LockBit-main\builder.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\LockBit-main\builder.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\LockBit-main\builder.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\LockBit-main\builder.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\LockBit-main\keygen.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\LockBit-main\keygen.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\LockBit-main\builder.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\LockBit-main\builder.exe | N/A |
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\LockBit-main\keygen.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\LockBit-main\builder.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\LockBit-main\builder.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\LockBit-main\keygen.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\LockBit-main\builder.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\LockBit-main\builder.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\LockBit-main\builder.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\LockBit-main\builder.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\LockBit-main\builder.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\LockBit-main.zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Tennessene/LockBit
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc041f3cb8,0x7ffc041f3cc8,0x7ffc041f3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1780,13386119865019637053,6177162241666851361,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1780,13386119865019637053,6177162241666851361,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1780,13386119865019637053,6177162241666851361,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,13386119865019637053,6177162241666851361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,13386119865019637053,6177162241666851361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1780,13386119865019637053,6177162241666851361,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,13386119865019637053,6177162241666851361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1780,13386119865019637053,6177162241666851361,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5888 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1780,13386119865019637053,6177162241666851361,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6152 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1780,13386119865019637053,6177162241666851361,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6152 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\LockBit-main\" -spe -an -ai#7zMap815:86:7zEvent6486
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\LockBit-main\Build.bat" "
C:\Users\Admin\Downloads\LockBit-main\keygen.exe
keygen -path Build -pubkey pub.key -privkey priv.key
C:\Users\Admin\Downloads\LockBit-main\builder.exe
builder -type dec -privkey Build\priv.key -config config.json -ofile Build\LB3Decryptor.exe
C:\Users\Admin\Downloads\LockBit-main\builder.exe
builder -type enc -exe -pubkey Build\pub.key -config config.json -ofile Build\LB3.exe
C:\Users\Admin\Downloads\LockBit-main\builder.exe
builder -type enc -exe -pass -pubkey Build\pub.key -config config.json -ofile Build\LB3_pass.exe
C:\Users\Admin\Downloads\LockBit-main\builder.exe
builder -type enc -dll -pubkey Build\pub.key -config config.json -ofile Build\LB3_Rundll32.dll
C:\Users\Admin\Downloads\LockBit-main\builder.exe
builder -type enc -dll -pass -pubkey Build\pub.key -config config.json -ofile Build\LB3_Rundll32_pass.dll
C:\Users\Admin\Downloads\LockBit-main\builder.exe
builder -type enc -ref -pubkey Build\pub.key -config config.json -ofile Build\LB3_ReflectiveDll_DllMain.dll
C:\Users\Admin\Downloads\LockBit-main\keygen.exe
"C:\Users\Admin\Downloads\LockBit-main\keygen.exe"
C:\Users\Admin\Downloads\LockBit-main\keygen.exe
"C:\Users\Admin\Downloads\LockBit-main\keygen.exe"
C:\Users\Admin\Downloads\LockBit-main\builder.exe
"C:\Users\Admin\Downloads\LockBit-main\builder.exe"
C:\Users\Admin\Downloads\LockBit-main\builder.exe
"C:\Users\Admin\Downloads\LockBit-main\builder.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 13.87.96.169:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 13.87.96.169:443 | nav.smartscreen.microsoft.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 20.26.156.216:443 | codeload.github.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_4512_LBRAQNKIFRKHYTFT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\Downloads\Unconfirmed 791212.crdownload
C:\Users\Admin\Downloads\LockBit-main.zip:Zone.Identifier
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\Downloads\LockBit-main\Build.bat
C:\Users\Admin\Downloads\LockBit-main\keygen.exe
C:\Users\Admin\Downloads\LockBit-main\builder.exe
C:\Users\Admin\Downloads\LockBit-main\config.json
C:\Users\Admin\Downloads\LockBit-main\Build\priv.key
C:\Users\Admin\Downloads\LockBit-main\Build\pub.key