lockbit | 30a4d2ae21ec90ebdd415b90d2fe670ac5c0ffe54d0d8f7a01a54910ba1a8c45

Resubmissions

28/03/2025, 22:50

250328-2r89gsvly8 10

26/03/2025, 18:56

250326-xlfmrssqz9 10

26/03/2025, 18:17

250326-wxdf4szyc1 10

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20250207-en
resource tags

arch:x64arch:x86image:win7-20250207-enlocale:en-usos:windows7-x64system
submitted
26/03/2025, 18:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
Size

502KB
MD5

17cc347c7c544e98a18dacf02a25d619
SHA1

263aa440a706fe3aa909fd8b212185340e7ede94
SHA256

30a4d2ae21ec90ebdd415b90d2fe670ac5c0ffe54d0d8f7a01a54910ba1a8c45
SHA512

e686ac882f4fdbe0efb0833186640d61d75b3132d026e5f2e1da35a01efca371e63cea3953a33dfb29ce130e6b3e0103bfbda099fc3da092364cc43427e15aeb
SSDEEP

6144:eo2mNDxqElXchsLP3JRBNGJLEAxSKfC5ogn3WJGBV50DErWuuzgXmPdt:eo2BYd73FWLExKfcoaWJtDTv

Score

10^/10

lockbit ransomware

Malware Config

Signatures

Lockbit
Ransomware family with multiple variants released since late 2019.
ransomware lockbit
Lockbit family
lockbit
Renames multiple (137) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened for modification	C:\Users\Public\Desktop\desktop.ini	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\B:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\M:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\N:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\P:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\R:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\T:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\U:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\H:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\L:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\V:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\X:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\A:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\G:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\I:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\J:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\Y:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\Z:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\E:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\K:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\O:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\Q:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\S:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\W:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\F:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe

Sets desktop wallpaper using registry 2 TTPs 2 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Pictures\\My Wallpaper.jpg"	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Control Panel\Desktop\Wallpaper = "C:\\ProgramData\\WindowsData\\desktop.bmp"	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Control Panel 2 IoCs

defense_evasion

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Control Panel\Desktop\WallpaperStyle = "6"	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Control Panel\Desktop\TileWallpaper = "0"	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.lockbit	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lockbitFile\DefaultIcon	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lockbitFile	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lockbitFile\DefaultIcon\ = "C:\\ProgramData\\WindowsData\\redfile.ico"	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lockbitFile\shell\open	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lockbitFile\shell\open\command\ = "notepad.exe \"%1\""	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.lockbit\ = "lockbitFile"	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lockbitFile\shell\open\command	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lockbitFile\shell	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2796	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe

C:\Users\Admin\AppData\Local\Temp\2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe"
1⤵
- Drops desktop.ini file(s)
- Enumerates connected drives
- Sets desktop wallpaper using registry
- Modifies Control Panel
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2796

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Desktop\CheckpointConvertTo.ADT.lockbit

Filesize
545KB

MD5
cb480d89ce2ad647b747206240ee888f

SHA1
8816774d540765b1f6100f6152df88ab69665c62

SHA256
bbde61224fab8337212e593105738d6ed52b0a632b939b0bcd876e68526284de

SHA512
9369c2a18ef4293127af23b01a57b0f82f2a4645e22a1ed3cc32d0a2d68a34b63743bf64bb98363b41242af024374420c87bbb90ef0d35b9b8eef35abf1a492c

Download Submit
C:\Users\Admin\Desktop\CompareSuspend.pcx.lockbit

Filesize
436KB

MD5
55c639d68220a7775efc200912bf4881

SHA1
2bd232533f592b6765d7dd22d0797af6d882e141

SHA256
5d44ff1a4819022a3f330ef252b4f647f876524697e312ecafa811374f4ccaa8

SHA512
7dc2e84f9e88c5289ab4a66cd57a873ffcb8c0218b112d68fd331d809a759216a42130537954c27760770cb1c7473e274ae245a61f03b6aeb6566e751a3c5167

Download Submit
C:\Users\Admin\Desktop\ConvertToRename.TTS.lockbit

Filesize
400KB

MD5
1bd6ffdaaaf237e16d41bed2deadf48d

SHA1
de3dc59b1a2d104b85f4fc81992ecf788becff28

SHA256
861b4bc1e4acad4e59d98b73f9ddbf53ecd93a6b97da22c8c0158bf6b2850ad5

SHA512
db1d2cdfc9b40cd9a32548051052c2a6eb32ec6a3351c51af0f556f33600567b7834a773b19d234569c662788551779a99dde73e37133d49e47e5377b6881091

Download Submit
C:\Users\Admin\Desktop\ExitSplit.vbs.lockbit

Filesize
509KB

MD5
243693de41ff8b330d580906b743171a

SHA1
7decb2bd1d3048f40fdc99ae238c1906c4c0bcb5

SHA256
e13404a06bb784bf7e094b441f0dcd8be88c4d9708b1ff0e1984f4009c1ddf57

SHA512
848a95b717cfe47a170d541513265a63b040298a1dc72c798db672f2baea715a084929b3ae6835078f42702ad172f07bd3fbd0e704f9b7761726f5b6cd425fe0

Download Submit
C:\Users\Admin\Desktop\ExitUnpublish.xlt.lockbit

Filesize
291KB

MD5
a2ed19c8a9842bd09c64fcc1400ef3f4

SHA1
b40b6d8101eb083b425fe27645ddc2dbcebac3f0

SHA256
c22735edbfb6069c651441a0251b229bcc6904fec7036ec0c647f8cc453f60c3

SHA512
90680da3728e8ca7edd71852908cd43955da38f05fbb3216c58ece3d8e012275f09da175154453212781704bfd78f1a1defd987703e2c4e94a01828545c3542a

Download Submit
C:\Users\Admin\Desktop\ExpandEnter.odp.lockbit

Filesize
563KB

MD5
53f8de18a9eafca3ef94f35a82812389

SHA1
c98fb1e8d7a07c9ae73f59a8c9c14b0c98b2a709

SHA256
10cfb819d96c02ff07e106bfb452eca0ce78961a5581b1f149797cb12de6b37a

SHA512
aa3dea542429d2a7870fe585bb64337b529678a3007a71359eff46e8be3f8e990a55883457b60b4006b25834744b5af6d43276cc28225728d7ac699feab2dd3e

Download Submit
C:\Users\Admin\Desktop\FormatConvert.wvx.lockbit

Filesize
527KB

MD5
f36926b1fd3eff12a52e36d1d21ba93f

SHA1
0293a941338d40efe81c5f51f4b019e6e0f3fdcb

SHA256
f134457340c84dd06748f254e8dfba306a659841098dba42aec91a7512f01ec2

SHA512
080607e8dfa01c7d09101da24b6048b52ff5c1e0098d323b4594f464a7287d6484c7ae693db577fae10d42d169b34621f279bfc478e5ef6f0f66dc9d04ea0f03

Download Submit
C:\Users\Admin\Desktop\HideFormat.emz.lockbit

Filesize
654KB

MD5
cb1ab191b1fff06152c0841856131f96

SHA1
20b2562d28ccd9bd6bef77a410057a2c5cda2dd1

SHA256
82089f62dfc06a220fd74a95a92361e452f6d070f53859717f095b764b7d96b5

SHA512
fa76fd8453753b751560567942fbf2269a7536cb10556157bf12ae079789907d1a73c1503687c89009ed1d005cbf45dda9bc1b3265c5ab66045eb696b47e11ae

Download Submit
C:\Users\Admin\Desktop\PublishReceive.mht.lockbit

Filesize
672KB

MD5
1f18d42d4aa7f2566139425791f6d8cc

SHA1
ce7a08a824a7570e847d61bfd7f8ec4cf8acec25

SHA256
6cd54ee71f9635871a5db256d8e6e2774c6157b87b1dcd6353f9a829ef865c67

SHA512
d4e07f8723382ffbaa08841f900a064d993f6130cb1f78a4e0b45f1fad595ac7ebfd5baad32bfdaa31ab5e30bc58891baef176390e0aa86cce6b9d29e09003ab

Download Submit
C:\Users\Admin\Desktop\ReadUpdate.avi.lockbit

Filesize
363KB

MD5
b9e020490a8cfb6fec113f1d32fa08e0

SHA1
d6f2244cc4afee37ba59bdf35065c782192d68f9

SHA256
f49ad9790de953c6a4d240ff2f058a87185167ef923aa2ec318f09fd6b7a5933

SHA512
4b19b101ea17be438be806f75ee6984db35686332abe13986b3634045d9b80f5709019c12e7499536e3b33066094cadcb09767da0495314242c67244135cbe57

Download Submit
C:\Users\Admin\Desktop\RedoSubmit.wmf.lockbit

Filesize
345KB

MD5
cfd1e190efc2b96223ed4f3277d24929

SHA1
ec33b91318307e7c25a99a550c9f309c7a8338f4

SHA256
64e271504b29c020781242f709e17a0eefba6de0975a8ee50155fed426cc6c84

SHA512
91a9f43969211d2225c354c6f3aa22552f4b8cdf164ff1e9d51d055a3db04df18aa6c373d8feb1e722a1114afb3335c7028b87ec262c547aa7f3071d90c97ea2

Download Submit
C:\Users\Admin\Desktop\RegisterDisable.docx.lockbit

Filesize
309KB

MD5
562b4ecb5e1f1ffaa74f025d53818ef8

SHA1
b122ab80807f7a12fccf629abeaada47e783985c

SHA256
1482d29832d419461cb86001bd5db9374a246e5010bce4b6993b5386be86c58f

SHA512
d86bbf221aeff7d0c460f23371c712c0170a651da4ab08738a04b3f3f1383d77e0e5b01638fd3c3e4ee6af6e53ef8be7ccddddcf82ddd4aa9a9f1f8d3a3859d9

Download Submit
C:\Users\Admin\Desktop\RenameFind.3gpp.lockbit

Filesize
472KB

MD5
66d23aeff2fed0b9b734756663341337

SHA1
0b3995d458c28b749d6a99913d93a6050c0b6b30

SHA256
ac1f798ab515b16eed4e3e0ddcc158486d6dd7674fb698e0b82a10beaaa89fc3

SHA512
d34345db9589ed01810ba501103875674f3e51f3ec78622078ce6f75a2d571bee9f3fe68d6391710713270fc1ffecf1e6746e73240c7357fd4291fdb7f49d7e8

Download Submit
C:\Users\Admin\Desktop\RepairWait.docx.lockbit

Filesize
236KB

MD5
5ba1090920eaa3bb090cde34164659aa

SHA1
ac1f021e112cfbc8db3190fdb2591a6ab34944cd

SHA256
edd77fd1acaf50f16f8d95d266e1a0a0c9aa6021f3d1b15194066886d46bd6a5

SHA512
11851298e5c000cc293f2bb80474f379abd0f21bbae938b3cd4db60917d8c2cda772fda75091656afcfd34bf67f88d1c4705a82f2ccdd94603b6a6e1e036d8ed

Download Submit
C:\Users\Admin\Desktop\RequestConfirm.potx.lockbit

Filesize
454KB

MD5
4a0cea83beb0b6712b291bea70d15e0c

SHA1
f138bd27c1c14d14f3f133d5bef9e8df64ddac88

SHA256
a24cea6a9c93f25cc700a3fd0a291560af0f2d21e719343af0529cb395c0cec7

SHA512
3cc9e62acd1cf715ecf21f68eee74034ce0400f8451b680e9a28d22895974baa3b75047307e7f1bda19a4c54ba208dff6eb02927f0face9b3360ed2e66a7e358

Download Submit
C:\Users\Admin\Desktop\ResumeSync.ex_.lockbit

Filesize
927KB

MD5
d02574d1c3a2bfc6df0bab35860e861f

SHA1
3bc4c09d5d284885d86602a11df35f6abfbca181

SHA256
ba7fb936979d99ccd5e4a0f41849d85e131e57af630de49c680ae37be652426b

SHA512
e1f7400f8176f598045fd6399f69e280eb07b96a75e5f980fa93b4c0e180c2f89a64b0f01232d89ca9a82f3e5470f537f5c29bb5be30e2a824477f17bf30a9ec

Download Submit
C:\Users\Admin\Desktop\SaveGet.mov.lockbit

Filesize
254KB

MD5
b86556ab22f881097378a8754a163e88

SHA1
2101d2b419fd9a6116a21aee6a25cbf956653857

SHA256
896cda6ac020542924f08ea45f409951e8934044ee02025ae6721724adce57d1

SHA512
3b347298f0b3e4a3b50a269ce49770a6bc87e04eb07eb8b331a1077d5d30eafc550ab37e2bfb9a3df69aecb33d34b849e4eb3f6f4f5e90c66a3e9358f9333fe1

Download Submit
C:\Users\Admin\Desktop\SearchSubmit.xlsx.lockbit

Filesize
12KB

MD5
a4bb5418f2ea6aad64fff47e2886e11a

SHA1
8147f6829f5edb885d9b42c8e371be4b6c379812

SHA256
4135b6a54011506f62a7e3fda650f8f61b74db447861aba3bb09e6c4130639d7

SHA512
ca95f59966fb687f444b56cc3d4594a9ab7b19907007018f5b93d682fb929e6c0f27a0b3718e1ed7cdef10611d3f063dbf541b5bcfd88bdb341fdc0d159ad2fa

Download Submit
C:\Users\Admin\Desktop\SearchUpdate.M2TS.lockbit

Filesize
636KB

MD5
4581c662561c15bd5e1900d49a8e947d

SHA1
4237de73887a2778704c0f33195ff74fba3a23ee

SHA256
95ee23898e6c7caa473159d029effc709cf8960ce62453425b2754b0a3fbf9f2

SHA512
a2798136af8ead9fa5b6211cdee78b751524ee4d674176a445a33beab80bfc1155349b491aa7444fa40d8a70593fbd875c2d683ab16243704fc77c592fa7ca42

Download Submit
C:\Users\Admin\Desktop\SendUnprotect.odt.lockbit

Filesize
418KB

MD5
88d3831f36f644a77839eea43030bd9b

SHA1
60993ae16f35d249c01f84cee9d9ff2a1a9053de

SHA256
e9c83ac643422135f1ab6877aa482450118ea58d3ddf067be44e5629fac215a9

SHA512
5dbd47bf7af46e695e9fc9a8a302edcd543fd4fe7752ad1b65d35ef8f2d30228c5ea1bbb186005531548aba19f26c9317838fab1219084cef037628803854226

Download Submit
C:\Users\Admin\Desktop\SkipUndo.xls.lockbit

Filesize
272KB

MD5
ea8cba2fd13555f5997a3733c8487712

SHA1
6f7f52dcbceb3cf5d0ca27205beba5ad8859a2f9

SHA256
634fbfebd1d1f5711ddeb9593f58bd515702873b3a2da083996e634c0dcf310b

SHA512
fcc800eda119a4a6413876d94edec8d14e830b545316f55af468c7b445749fcf57c0ec6e2db519173fa6a851b0b3ecc3ecc5fa290cbc4b71c6d33a27e5128ce1

Download Submit
C:\Users\Admin\Desktop\SplitConnect.vssx.lockbit

Filesize
581KB

MD5
aad4414f2279360ad2d59dcfaa0661b6

SHA1
2391b894a3880491c4e1ef30193eed862cea8ef7

SHA256
b3481a0a72b5873419d0358715ab125bcf49fe2541cf66548e569e53d37b599a

SHA512
0a3c9e5880d53957c004a3d3fcd1be35edeeb6b55a41b0d8b9262be4d43cde97a611772dc27ec4f0d2b74344e52ed2cc293381a52ff342ed70ffec77808e50ac

Download Submit
C:\Users\Admin\Desktop\StopConvertTo.xml.lockbit

Filesize
327KB

MD5
9c16242fcacf523f6ada3c7870b597cc

SHA1
591e79de48c9cf63b872b8323fe9602b39858a99

SHA256
dd44b64a0eaeff45141ceee747bfa5eaaffaa043e74ec8c1da5b00fd723a93a8

SHA512
e34eae76ad95fbfc90e284c42ee4866e68a462fc3cf1f1d6bafc7fd8243e9e8be7c945d8cf1691bdf5eec04611e49329f98f460adc844f7a136b8c907ff3d1cb

Download Submit
C:\Users\Admin\Desktop\SubmitEnter.docx.lockbit

Filesize
19KB

MD5
1d3a974ba93912635606d547973471dd

SHA1
9fcb8b2e47966e2d00d382434de4c44a83922055

SHA256
8c0746e5aacb4789c1ec5ab9fc829698183fb1e14104bff0ee370677b1db9a67

SHA512
d4ff93f225109ad5c04c30ecc4ff22b268ea20952836c6df8b9a51ad2f870eeaa155c106ac999ef6e6e10be6be7d8974ca19dec2f2711d06facf8a735b0bcb43

Download Submit
C:\Users\Admin\Desktop\UnblockPing.M2T.lockbit

Filesize
600KB

MD5
d7610e54028e2fe50e15090889ebb749

SHA1
4ea4fdd0d9b6503c042f82aa7aa7281cf4541e97

SHA256
e868260646c8db0569c0d2ab5b487bbbca34d2cd8fc907ff5549890ada663f00

SHA512
1f0869cc10b9555986275046a9022f44796e64c5e103f0c36260e007d23f54e54321da954a4fea8d302c01a6dacc9fe02d91ffe3ba9dd80a2d9579bd281256ae

Download Submit
C:\Users\Admin\Desktop\UnprotectSubmit.tif.lockbit

Filesize
491KB

MD5
7dedc4264fd0c31a82af91f795b9eb13

SHA1
3c46417ac75319085672509044ccf688d8063c21

SHA256
9ede3992220b33590a5b2c7d4a64f0f51d893eb0bcd6dfc8fbe53440c28490f7

SHA512
88163a8c9c2c0ba460d90fe449e17b0ed8e9b7b1e1ad92a30afa81e3ac1ce32efdaaa5aae67cf16f7142098c83791bb711acc5634e47f2ea63e949d0482d92d5

Download Submit