lockbit | 30a4d2ae21ec90ebdd415b90d2fe670ac5c0ffe54d0d8f7a01a54910ba1a8c45

Resubmissions

28/03/2025, 22:50

250328-2r89gsvly8 10

26/03/2025, 18:56

250326-xlfmrssqz9 10

26/03/2025, 18:17

250326-wxdf4szyc1 10

Analysis

max time kernel
104s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
26/03/2025, 18:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
Size

502KB
MD5

17cc347c7c544e98a18dacf02a25d619
SHA1

263aa440a706fe3aa909fd8b212185340e7ede94
SHA256

30a4d2ae21ec90ebdd415b90d2fe670ac5c0ffe54d0d8f7a01a54910ba1a8c45
SHA512

e686ac882f4fdbe0efb0833186640d61d75b3132d026e5f2e1da35a01efca371e63cea3953a33dfb29ce130e6b3e0103bfbda099fc3da092364cc43427e15aeb
SSDEEP

6144:eo2mNDxqElXchsLP3JRBNGJLEAxSKfC5ogn3WJGBV50DErWuuzgXmPdt:eo2BYd73FWLExKfcoaWJtDTv

Score

10^/10

lockbit ransomware

Malware Config

Signatures

Lockbit
Ransomware family with multiple variants released since late 2019.
ransomware lockbit
Lockbit family
lockbit
Renames multiple (137) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened for modification	C:\Users\Public\Desktop\desktop.ini	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\O:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\F:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\H:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\N:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\P:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\U:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\V:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\A:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\B:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\E:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\L:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\Q:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\S:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\T:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\W:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\G:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\I:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\K:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\M:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\R:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\X:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\Y:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\Z:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\J:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000\Control Panel\Desktop\Wallpaper = "C:\\ProgramData\\WindowsData\\desktop.bmp"	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Control Panel 2 IoCs

defense_evasion

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000\Control Panel\Desktop\WallpaperStyle = "6"	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000\Control Panel\Desktop\TileWallpaper = "0"	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lockbitFile\DefaultIcon	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lockbitFile	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lockbitFile\shell\open\command	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lockbitFile\shell\open	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.lockbit	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.lockbit\ = "lockbitFile"	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lockbitFile\DefaultIcon\ = "C:\\ProgramData\\WindowsData\\redfile.ico"	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lockbitFile\shell	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lockbitFile\shell\open\command\ = "notepad.exe \"%1\""	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
536	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe

C:\Users\Admin\AppData\Local\Temp\2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe"
1⤵
- Drops desktop.ini file(s)
- Enumerates connected drives
- Sets desktop wallpaper using registry
- Modifies Control Panel
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Desktop\ApproveConfirm.potm.lockbit

Filesize
193KB

MD5
53c70b3581eba0d847eac076245f5a1b

SHA1
6df91bdfc0892bd20c0705cdffca79c43a78e486

SHA256
92530138eb7a2975d5c1cbdaacabc6c0ad273bc00233e08f8a6345f7ca630a70

SHA512
265886ed02dd58c6ab9e33b8ee651b8d14879738fd8e2675e52b9fc927c3028b72113154d6a003049f18989370c9142a3c31cb66d8555c8d3172f3402e82b94f

Download Submit
C:\Users\Admin\Desktop\ConvertFromLimit.xlsx.lockbit

Filesize
15KB

MD5
695f4a689951b97d0550078c4508fdf5

SHA1
d2460073a038215799616729ad5ec69bbd60d9ff

SHA256
a695bf8683e226dd96edcb54b68dcc58b9f4160c5c246de96b451048788ab693

SHA512
8b1cb12dda3c2fe2281c7af8561d421f5c80d734e517ab5b7e78ce23c8849398fa8e012ef652b055ee4c0c1adf9b511150a42751649b193dd028f2b38d5b74ad

Download Submit
C:\Users\Admin\Desktop\ConvertFromPing.mhtml.lockbit

Filesize
120KB

MD5
48a338f46ece00b25868b18a7d6a13cf

SHA1
aff9fbe92c886d64907e73cbc7d5e9433c7ae7e1

SHA256
8a064173a77d3172431b5101d754ae61194805905a0e81bd0c9165c3e3336eb1

SHA512
37352234d1a31be6fe1f078a6ebdad3ddbb5618a43f87211b509ad0947c53a6b8aaae5770e2359aa7fb125953db6a91a1379deab62d87d88ef668a57fd1540b4

Download Submit
C:\Users\Admin\Desktop\ConvertFromResize.rmi.lockbit

Filesize
113KB

MD5
bffd101e5c7b6c0924939a8beef63022

SHA1
8c1811caffb3ad58a6e1028e260b5c7e603f5a0d

SHA256
c6133483e8cff1647f40fc314ddb9edb47a28a084a34d1303f78ffc14efe098d

SHA512
f331688a23feaa266adc93334dbaa025beb11e06ab9ae170ef8609a71406b180a8c6d004b900434b1f2d2c094a7caad986ccbbce16bef64e3fb64647ff37fe27

Download Submit
C:\Users\Admin\Desktop\ConvertInstall.xltm.lockbit

Filesize
135KB

MD5
9fa5bf34e82b3f939bd708f86bd5da24

SHA1
6afa9c9941619a7ae9cb0ab78ae72a70eed85076

SHA256
3e7cfa8cd03e659d453dfd695e11592fcc7b5eb7134d653bb6ed45901387db34

SHA512
06ae2afc58fc65f83b4fa2ff3104cd96b233fcd0a596a0c9538d6e419a36ddb6b3f76d0636c716a612150fbf4b96fa853f48835c12e223a74f027c953dda638e

Download Submit
C:\Users\Admin\Desktop\ConvertToCheckpoint.doc.lockbit

Filesize
215KB

MD5
b26d31a0322275e681ef5686079f4923

SHA1
7013bfb645dd17b9763c1787b3bc8fc85bd293ca

SHA256
e88925880a4169241cfcb4cec5fb0637fb675fa8badb6cabba15a29347908518

SHA512
7c0015185f775fa7b5cb07979ac8bd03fd9c19e2bd9e214dd22aa0919a75a4df3b0ba7a5d6980a832b78995633343601f117559c0fb83d070abc02f636bdbe54

Download Submit
C:\Users\Admin\Desktop\ConvertToEdit.htm.lockbit

Filesize
252KB

MD5
e3171d1d78513af9a4d3d51704d0a06d

SHA1
1e1d2930727e67f8e79070369b4b768c4518cf52

SHA256
86d58b49b596f91d0ae9d15d376df25c075e00668324530c38b679b1c47b2694

SHA512
356c5dece13f9a831a66153b618dbc2768d8a329991b45183ec244a34577ffafe95b670623963f3a1bed95fbda17335c0671edeb9bc9f4f87a9f86de36abb842

Download Submit
C:\Users\Admin\Desktop\DebugInitialize.crw.lockbit

Filesize
179KB

MD5
cf2f64729138a31384873d007b9fe2f2

SHA1
63cd4f8e34d6c5c77842d8d10196e48d6693a818

SHA256
e5ce7bbcd96407f05c8b165689a202020b6ab793a31fb497221e2e8c030f0efc

SHA512
03ce9de389fbb826a0817381f458991c83ce932c9747faac4d2958a28bdf101e7f75596da4940882068eb9cb7ae6b8c0b171511b52d63050d51aac95c6a97f99

Download Submit
C:\Users\Admin\Desktop\DismountBlock.search-ms.lockbit

Filesize
106KB

MD5
e824629fb789210271c532333610119a

SHA1
0d1392946a9d3cbac58446c4db9c27283709660d

SHA256
1f953d88ce24ad6f605e8fa5b45b828215e5b3f9dd53874e9112cb78011649b2

SHA512
40cd951e290af4774e122b629baab36bc8c54a7dfc6e75123b2eef804fbca4e915928912a2523a0faf46881bebe8df21fba034acaed78b4fd2c80fb040842a50

Download Submit
C:\Users\Admin\Desktop\EditDisconnect.jpeg.lockbit

Filesize
201KB

MD5
56e98140a852b165afd060db60ee908a

SHA1
1fc5d7f58471f920bfed0c2c6416f8cf56a36212

SHA256
5081ab180a152b2942b6f661c9de8ed00100d4e0a3a21ebb3144e2ed2df6537c

SHA512
02ff4d3801636fe30121290e9880b155d5976c39e7eea7224b2c7bdfeddbcdb003d3e5c864f6891c3caa35dfb798787d2b4f6ae433b7579e57df9119276a65af

Download Submit
C:\Users\Admin\Desktop\ExpandGroup.crw.lockbit

Filesize
230KB

MD5
1cf12e87fc14ad0a26d6dfba82bdd1f1

SHA1
e443c32e90d521cd627d48da6933e253c41ba230

SHA256
7e2e6af8bd6f921893c80579e044e71ec7bd680f0f0bc6dbf258d6a2ca78ca61

SHA512
bfc829bd8f4b745472cfcac552d20f4e9db925d7755b935792120b36f92ac74aa100329f44f2a573a245eb0a20875ac916c6b593916d8ccfd566242b8ea8485c

Download Submit
C:\Users\Admin\Desktop\ExpandSync.wmv.lockbit

Filesize
157KB

MD5
a04337d24557fabea3e0445330257366

SHA1
61203eb46f709e107705fd4633fadda04b1463c4

SHA256
62f4eabdfdbe49dc204c0dde221a2fc30dabad3401f66c1a5caf7155b861c0f0

SHA512
3dcab7383f1ded46860544018f3ffd4b018a08c8b39d199bdc62416da4d9f2f57be1bae9452eaa91f1e6599e712050e9c5fae8f3c642f871fdff289a96170671

Download Submit
C:\Users\Admin\Desktop\ExpandTest.xltx.lockbit

Filesize
416KB

MD5
43cdf977d82a042b1180c1fb7f8f65f3

SHA1
52d8e32cd78e2c77e02be27f729cf972782ab3ea

SHA256
c27e22947f50badaf76ec874874614a6a6f93f87866f4f0718fc99b3dcf91cb7

SHA512
8f36b9d3b823dd85448676e962694755ae82af3d8705ac11cf532b84b7c08f1ee391d21cb2069d931e63812b4b5e335355948b29086c0c9e3de1061331402e52

Download Submit
C:\Users\Admin\Desktop\GrantCompare.potx.lockbit

Filesize
237KB

MD5
10b4324856f1d658f02879450a55611c

SHA1
542163dc7e80ff096bb3ccf4643b96cd92419fc4

SHA256
c9b9ce46dc7b6c419245709dbd309edb37c8f828f3ecf3f578c97241e9bb2731

SHA512
5fd543d9c17afc1417507b61a665570f079d6a37cb0aa95f85587fa8e6400756a47b635a7af6eae32cca71bacf91cc669276786fc7e5415b5a04f8fb4bc52533

Download Submit
C:\Users\Admin\Desktop\HideApprove.docx.lockbit

Filesize
16KB

MD5
a1a92e2891c2954a81b8dd14c0a3cf00

SHA1
57c4dec94f0d6b9e42b488613e606149aac499d1

SHA256
8d60a841ade68247a19cbf59bd8cdf862db2cbc2e1ee18b48899b01284af0041

SHA512
09f1eb91f27938b16b5944a534213868c907176ddbbac8bf2946e91c9ea35d8c3411a637639a4fac6a3e17ee74a8b6c27b06f3d8aa61777cd5f83472cf73781d

Download Submit
C:\Users\Admin\Desktop\InstallOut.potx.lockbit

Filesize
128KB

MD5
fc9fcd0671ac7e691c1eba197450f33c

SHA1
36319bacddd5d8612ede8328f43841282edc56be

SHA256
76c1cf5f18b2abf581f2e7cb5a416cb3dbe4b4de206cc0e927ba1d1ca0cd5d36

SHA512
61da6b823e59202f32fbf594eea2bc009e3055871cfde07a7737705c8d232772c0285790007be22fd59715e506f8156419decfbecc4b99046db64ab7a2ef1dbe

Download Submit
C:\Users\Admin\Desktop\InvokeStart.asp.lockbit

Filesize
164KB

MD5
e0c30f6a4fa01df8d6c3643bdd9f37ea

SHA1
709bc2981ca33d9021a34056f50e4f8ffd682a57

SHA256
8ca1954f3de097851d1452fa03fc5d8ef773ddfb7929507d8111e636b62576ff

SHA512
4d95d540658bcc22266764db235630eccbe08314602bdd9a2fa2633c3a671bea5c94ee1891ef059e76d1f080e4f7ef4a29baf46d4faad3f68a14d1d3219cabb2

Download Submit
C:\Users\Admin\Desktop\ProtectCompress.tiff.lockbit

Filesize
274KB

MD5
b040ba00ae103047062523bd4775dd96

SHA1
8113f1320852890d415257b55d00b5be208c6f21

SHA256
74ac263da7b3d55cc51c7c9ecad8bd041d2f9d0d1520d2322af52ff59edb5786

SHA512
77c191eb3c26c557910fcda9b6b5e98ad95ea8b8c37ab60eefc504071a473cf9363bdc5ff5bf3e25f51b4d82bb3df3d3155925cb7bce801fd14ee3005653d9ad

Download Submit
C:\Users\Admin\Desktop\RedoSearch.docx.lockbit

Filesize
303KB

MD5
db24a045f69ab49187e2ac5b6f9466f4

SHA1
7ace8b0194637f6e5320d9c58a90fd6fee524b02

SHA256
2252c040bb43ad52c4f60ab40daa13025dc3ac64c700d45b52a622227c11d938

SHA512
c9c8d204fefebec569a11c8d9d7ec376d1a4b9e2be7d65d4eaf41ea1c421c4a68e341560167b633932b894d7168a18383d576fa84147f1a8cbd4e9a5325d92fc

Download Submit
C:\Users\Admin\Desktop\RegisterFormat.xps.lockbit

Filesize
150KB

MD5
8ac7902011a46f7852b53dc4c3643915

SHA1
e0ed68b7a675c66ba05da9913a55a06263853e02

SHA256
90b01cab0e07e5f335aab4e5f9cb0b3a481cccbb5b3d7a3e7decc28fdd7be0a2

SHA512
506d154234023f7c461828417cf6cf47cbcf56fdbfb714e1c74a6a91508b7639f2de224739938d9351e4b52cc7b41871319454c55a75a96d1eb7216c2d09a1d5

Download Submit
C:\Users\Admin\Desktop\RevokeReset.M2V.lockbit

Filesize
208KB

MD5
35ff92b77efe46a5c13cc1375c276738

SHA1
d9b360e3c7cb1fe1c8f2c27767ff276160a32177

SHA256
7f8eef5c3926ae103269a232814519bfeb28d35ca1a0fa29257855f250a34773

SHA512
f4b4d6cff932f6855ee04d6227e1d694b835aef4634bf27c60dbb61be89dd49526521a535131da6eff13f44f53493940c3676ade5ef2b53b1b40cbbc1425fd19

Download Submit
C:\Users\Admin\Desktop\SwitchComplete.xlsx.lockbit

Filesize
288KB

MD5
286df79e4b5b7187a01d99fff8a283fe

SHA1
5dd961b56f5337b8a6d4766d412e3caae35ab287

SHA256
b71e3e2a0b2b6f46eabcaebf9a9b0616c95b84cbe3636168651f5e7542ace061

SHA512
aaa45c04afd525ce7d2af957a0018f4eda19faa6145c867308d0a199bb9f8ba5d3aafbadbac13079204037d2dea95068c647b7d9664b6c158ce0f113d06af9e3

Download Submit
C:\Users\Admin\Desktop\SwitchSave.wvx.lockbit

Filesize
259KB

MD5
c033e7fceb15b05fe6d3694b20627fdc

SHA1
95f4d363a51c6c91fecd8533d06b5e475a707901

SHA256
a1274a104c14f3509187f70f4f9d1e7af8c49bbc3bc4164cae685268e26af731

SHA512
82f9cdc11ad0a3c0d9c194d191c13d015e8d5d4969b39daa185b2d837990d71b9e12a642bad7d990b916d52ea24ff5009f82be38ec437d22d219cc3488517a46

Download Submit
C:\Users\Admin\Desktop\TraceNew.zip.lockbit

Filesize
142KB

MD5
bd7cdfaf67598293781ecea327fbce8b

SHA1
76e729610e4a80f16f363115d6b279b69131f7bb

SHA256
4816525f2d4cee168d957a0864b4a516daba0b216dc885339ddd098a5512175d

SHA512
f84f8a951711593160a098e45c03d187b1b23d0c7563a6589c9772a63c719a0258f381d5d32f823fdaf8341ffeab5b086196bec754d91551936ca58a17f29a7c

Download Submit
C:\Users\Admin\Desktop\UndoMeasure.wmf.lockbit

Filesize
171KB

MD5
541099eccad4c183227083dc3b58cffc

SHA1
0237419fbdc82b5fc07bb3aef39be0a8fd5fb1fc

SHA256
f1d9cac9cf7c6158ddfd9d816b063e1665e6e934c66f653f2bd5b7e065eb1723

SHA512
d66a739093ea736657087323012ea11083a5527dd0b53b2faf254309d7b84a138916e38d6f7484c219a14ed3d321145134ea557ab9a86dd349d8812553cb33e3

Download Submit
C:\Users\Admin\Desktop\UseGroup.shtml.lockbit

Filesize
266KB

MD5
7e683824bbb91cb0f4bdece79a730424

SHA1
60bef50d3de12ed41d6f309f9064941843ff291f

SHA256
f332c0fad10f7d57695d22ed1954766144514d91c6d333d42aa145cfeea05ebe

SHA512
fef251599075daec4f481d89d40cbc6868b7a5a4c7d2981c16a20d73f03c2aac3bb3f271d492f93150843a8cae79a78e0d447cd183e18ae07a607a540aed7078

Download Submit