lockbit | 30a4d2ae21ec90ebdd415b90d2fe670ac5c0ffe54d0d8f7a01a54910ba1a8c45

Resubmissions

28/03/2025, 22:50

250328-2r89gsvly8 10

26/03/2025, 18:56

250326-xlfmrssqz9 10

26/03/2025, 18:17

250326-wxdf4szyc1 10

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
26/03/2025, 18:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
Size

502KB
MD5

17cc347c7c544e98a18dacf02a25d619
SHA1

263aa440a706fe3aa909fd8b212185340e7ede94
SHA256

30a4d2ae21ec90ebdd415b90d2fe670ac5c0ffe54d0d8f7a01a54910ba1a8c45
SHA512

e686ac882f4fdbe0efb0833186640d61d75b3132d026e5f2e1da35a01efca371e63cea3953a33dfb29ce130e6b3e0103bfbda099fc3da092364cc43427e15aeb
SSDEEP

6144:eo2mNDxqElXchsLP3JRBNGJLEAxSKfC5ogn3WJGBV50DErWuuzgXmPdt:eo2BYd73FWLExKfcoaWJtDTv

Score

10^/10

lockbit ransomware

Malware Config

Signatures

Lockbit
Ransomware family with multiple variants released since late 2019.
ransomware lockbit
Lockbit family
lockbit
Renames multiple (162) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened for modification	C:\Users\Public\Desktop\desktop.ini	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\X:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\B:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\H:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\K:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\Z:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\F:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\E:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\L:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\N:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\Y:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\A:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\G:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\I:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\J:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\Q:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\S:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\U:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\V:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\M:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\O:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\P:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\R:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\T:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
File opened (read-only)	\??\W:	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe

Sets desktop wallpaper using registry 2 TTPs 2 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Control Panel\Desktop\Wallpaper = "C:\\ProgramData\\WindowsData\\desktop.bmp"	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Pictures\\My Wallpaper.jpg"	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Control Panel 2 IoCs

defense_evasion

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Control Panel\Desktop\WallpaperStyle = "6"	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Control Panel\Desktop\TileWallpaper = "0"	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.lockbit	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.lockbit\ = "lockbitFile"	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lockbitFile\DefaultIcon	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lockbitFile\shell\open\command	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lockbitFile\shell	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lockbitFile\shell\open	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lockbitFile	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lockbitFile\DefaultIcon\ = "C:\\ProgramData\\WindowsData\\redfile.ico"	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lockbitFile\shell\open\command\ = "notepad.exe \"%1\""	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
2844	2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe

C:\Users\Admin\AppData\Local\Temp\2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-26_17cc347c7c544e98a18dacf02a25d619_black-basta_cobalt-strike_satacom.exe"
1⤵
- Drops desktop.ini file(s)
- Enumerates connected drives
- Sets desktop wallpaper using registry
- Modifies Control Panel
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Desktop\AddRegister.xlsx.lockbit

Filesize
12KB

MD5
83305731065faf89fa9f2f35e03fadea

SHA1
f9119f7ee910472af98db971c534d2ca5b9dd871

SHA256
84bc85bdf284360a26facb4be0295a4bf666329797dfb53a5a53186edeeac780

SHA512
72bd9ceda123d4f9efbef1504d22cf88034c6151bcffe6f0060c7c1e0627f0636774c89506b7c79dab47ebaa96dd876792231bccc6021be90f16b1b085a93059

Download Submit
C:\Users\Admin\Desktop\CompleteWrite.raw.lockbit

Filesize
491KB

MD5
3df5e96aacc8c989de9305aa0246f1f1

SHA1
cb043dba5e8cd4d0c4246e77ffb6445e227a850f

SHA256
cab918f721d6a3f8ae7d1fb6b7544cabd49a14366b4f29851e7774cd82028fc2

SHA512
fb89f5b6c7b1d0a6c3a90442fcd40a5ae08876e92019df764c14c2c5f0faa96e42ecf6e62c9f7a63133980ef8924667e287606b1810dc84ff64eda03e47dcaeb

Download Submit
C:\Users\Admin\Desktop\DisconnectEnter.dib.lockbit

Filesize
672KB

MD5
bae84d5ff6955b334da92f8a0ce6cea1

SHA1
8e4579b1a0026c7f5f8343ff4317403b48a1e7d9

SHA256
a6b3d237bf11fae591fed846004157b0ecda7ad0b5e4b6715053f7ffc94e6f58

SHA512
770ac4e7515a447a4e3cb57229fcf7831a243ed6b46090b80d2c42e38bfc6a03cf6fa29c13123e22ebad269254a5525b146a6ff49a72b292e09f5f200caa5fde

Download Submit
C:\Users\Admin\Desktop\ExitHide.rle.lockbit

Filesize
381KB

MD5
dff724cd7d1447db6446b262ea31b3a9

SHA1
32e2cce286c55c99488ac4c55721e8202f0408a7

SHA256
5d69e45a24d5c9fb6fbd3f47e019d03bdb31517b0de8c5973c7315ea35e504b4

SHA512
6bde6b262f097ea1584fcd50a506b517dc80f079d552938f5c96c1d490583c09272a33fa840e4cc2d96c9a724a1616c3eaa96e3ee45f9817c673aa404d563b1d

Download Submit
C:\Users\Admin\Desktop\ExitInvoke.pps.lockbit

Filesize
563KB

MD5
defab2b25c75977e48e7a823f0939966

SHA1
28dfcb140cbe721d03124e598b7680e9cf52e40f

SHA256
8a422e84f2186ec597ac349aac226269189e0f27105772690cd12bd45334a7fd

SHA512
8bf7dba9cfee286d3ccd0cbdd6cad96640073c1fee2acbb97895de1099e3ae92c8589d93e03ebc093277e24c472d4cbce82dd45cf6e43c67d7d88877f051a6c6

Download Submit
C:\Users\Admin\Desktop\ExportGet.DVR-MS.lockbit

Filesize
345KB

MD5
166f0846b06f6f60605e2a492ccb03d9

SHA1
8c2327671f0d0abbd7950d2e9c86e4c93257f08d

SHA256
5d2c48b917994e6c9a303eaadf897b9e21255a4c68fc9d2d30a6af42403914c8

SHA512
dc4a94922c0af6ec594946b0bbadbb586cabeac1b732393c6c02dacf45eed81622a338dd028398b153590d7808c9457562c3030c8c0f006684fa82f16fbf04a6

Download Submit
C:\Users\Admin\Desktop\GetApprove.wmv.lockbit

Filesize
454KB

MD5
426118affb0832154b08112e5156038d

SHA1
4769a693e7ed6dbffaa90a7a94cc746f7e415aab

SHA256
6368cef25fd53a1839d891da66f30a70207d08d0e6cb1463e9d08f1ad01c59cd

SHA512
0188cd995089c030bba4ba4ef41c1c3f3a46745334ac19c14d098d5546481de6d4588d67fadfb51aae9e031b7dbc6a6736df86e779390f9d5137db76e70ea1e6

Download Submit
C:\Users\Admin\Desktop\GetRestart.nfo.lockbit

Filesize
254KB

MD5
f0df9be0e2167d7e0f6b45cb44524e65

SHA1
5d77510cae7983f6c482e3ecd05019aeb4617a1d

SHA256
df0ce40c7a16498d7055fcabdba0fd475e4ad8d80d8205f9d0a10e5221080d2e

SHA512
9f729b0ec8ba33f6ec5b35f1dce8e31471edc3b9eb16ddaa879f8f2a02d1db162f273dd7a05183606d27b07345dc0437fb665c735a15b94ffe65d051fef383cb

Download Submit
C:\Users\Admin\Desktop\GrantSuspend.txt.lockbit

Filesize
472KB

MD5
41d5e4b394f2a652e17f8f527c1ca604

SHA1
acf3fa7ef1ced2fe8089bc97971b488c12c591fc

SHA256
d35e3182fe77dd62c672212551dbe55e5cbbb6216b28309e5691815faa63729f

SHA512
5c1cf0c465974b4b7b1922944a5b6cff1b46e2c1d84346e0475e1a0a334363447779839e825d59b198de29bc787f450e1cfaf3eef6844a144db74ec8dca81824

Download Submit
C:\Users\Admin\Desktop\HideNew.dwfx.lockbit

Filesize
527KB

MD5
3aef3cebc911f0a9b1dda5d12f5717c3

SHA1
8d1440d738c5a26d66c84afe7d29788d13e779c0

SHA256
67ca702e35fb91fd070d29d671a4923fa53121e17aac929972720fabd3775c33

SHA512
cb9fb0eb07dc48634d18d7910f9e822ef1e9936eefe11e3160c58c0088fb85c93bcf719d27dd1eccc64d46fe6c8cc9fd0c321befe9468165edb11380420befc6

Download Submit
C:\Users\Admin\Desktop\ImportRevoke.TS.lockbit

Filesize
309KB

MD5
56dcaafe9c935d6b3e256a6ace8ea234

SHA1
0c40461808b32a7fbebfa90f363995c166aec5cc

SHA256
dbbc8c05571b6bb88af9a6dc3a97ac601213a45f3d3ba5cd8718e27f52e74e76

SHA512
d9857f8b5a4a991cc9d250fefb7606c5598328524ec9926e67af60e51ec43b8f932282b4ebb8f9bb3358d5822ab5a3d330f82ec5143014ba5e1f69ac4dd81234

Download Submit
C:\Users\Admin\Desktop\InstallSync.dot.lockbit

Filesize
581KB

MD5
55eb6659e1a7f838667a89e77217af2e

SHA1
935c2483a3cb77e49d6c7a7ff69104597dfcd71f

SHA256
5715cb05c5b0fd242013238a067f4dc33821a1afc939bbfc0a775592609e2202

SHA512
20277083b57a12cfed307d6f0d209fe83e8bb5edd80a8fe90dde0956c321fd8a60812dcbe5f44b67dce67bace4061310cb0efe35b7f1fc2c7e1edea1bf735314

Download Submit
C:\Users\Admin\Desktop\JoinSave.001.lockbit

Filesize
291KB

MD5
db5a8080402fbf40f07c8dd882ecd616

SHA1
146b87db5a4072bfd864fa5c28cd957e297f5ce2

SHA256
ca84517c37d178b22b8881dd6d921d137971002e59fe5eca8090e3a78c72adae

SHA512
07d1715ad4c9f566a65bdde2e153257975a3f56e9c66a906827de9f18751f053796b2d90e3fe1300d42824b17a178e9f705d7ad2b342e9c2839abf0eeb238430

Download Submit
C:\Users\Admin\Desktop\MeasureApprove.vsx.lockbit

Filesize
400KB

MD5
6c9ca3f61195d0ee5bcc87dd0d0d0685

SHA1
f99c9de5ea17f54d9198054f619eee39f63018ef

SHA256
914ba795ae12b763a1dde919193078226e96807854949af5f4a80681003bb6fe

SHA512
d5b162eed13e364e9d29c39803eae344b21333d65215f8bd6bd00bdafee337e6fdf536577a39c214c5248bc0e0da33a9291fd91d64eda1f0e2f062c3b26a07b4

Download Submit
C:\Users\Admin\Desktop\PingDebug.vsx.lockbit

Filesize
654KB

MD5
ada8f0beb7daec60b3040026c0d7dacd

SHA1
5ec151960a93e3f5171cd868fdbe23d5312ca6d7

SHA256
a40219bd9961ffb8fcd7c025862716cf6131d671eb0b54372249d7d3e35ad050

SHA512
c9435363818671f3753e9699e72fdd41d96940cb830ae25cdb0a5289cb0114a0bc7c6956d110f344a60d39b7a08bf214d2b9451aa2c4344889cc17b338e3201d

Download Submit
C:\Users\Admin\Desktop\PingSuspend.wmv.lockbit

Filesize
600KB

MD5
98b6ad7a4c9e83d6933a09a1e7d9b613

SHA1
143c3cfa31434fc86d104310edc1c0f9b42b3bb0

SHA256
f8bb383cfb01969cff2d4977f2c350e80a693fbbf8c40fd3f2ffa11614118a0f

SHA512
b3dbdbc74edacfe65c5f7f4544c68a474549b4c43313eb3bcca4076de620b063d7cdbfc2224cb1da97da6c2a472ede3fe0c9c7eb9ab3f500f946e86c5b9f9e7b

Download Submit
C:\Users\Admin\Desktop\PingUse.mpg.lockbit

Filesize
618KB

MD5
a24bb157436c98e573e972054de8c985

SHA1
f65249c80ab3e84643573d0c8b67fa02f3568578

SHA256
a4fb2323971745e4b1d6d40256cb1b6c176c8a5ef68bf17108cde1d32d611bc1

SHA512
2a8df6eeae120467d579d481abdac07e1a7e14faa5816989354366d1545ef56a11de4f7b787f01b2694ab5a5a3e1205e1ed08870365aa8ec9e44e74a84b18ed5

Download Submit
C:\Users\Admin\Desktop\RemoveRevoke.ogg.lockbit

Filesize
327KB

MD5
4095e18eac592e99c496326dba3276fa

SHA1
49465dc5f42c25c3ad84f423368882478e9fd21a

SHA256
b389f2d19e6a51db29f9eb3e8fa270e6c9025f449e2b7618bb7977647b4d7ba9

SHA512
23f585683fc26bbdb2eff225f2485cd0c1e63ea6210ac92e9cd7d5c4e4b75abf0c00660ca8d355e595cf97059ca4fe08c8f041e51fc21f7347108c0a8ce90fa4

Download Submit
C:\Users\Admin\Desktop\RestoreMerge.xht.lockbit

Filesize
236KB

MD5
e5ee028ec69fcb9c6486c2b6185406ee

SHA1
d5411919ce932e39427899ce31cb7d97c70fa039

SHA256
163161df214d1290372d253fb00a18361c14787fa28397a91bf679eec4486118

SHA512
4f60ecebacc4ec7ea4337eb18b69cb1338de6217ac9fa1071def37b0a2f7b147fcb5476ec8e4690d0579d1b40f296ebb8dbfc3f9ba9f3003b70175c0c13f2485

Download Submit
C:\Users\Admin\Desktop\RevokeExpand.vstm.lockbit

Filesize
509KB

MD5
5e79b5e139558b86b5a8e3fe257f3da9

SHA1
3bec0cccfa0e9731f8805fb75ad9e75fac139fcc

SHA256
74e0d1775f9fdeb4e233fc4409fa5716b0a1c8ad202daa49a5b1152ac19e7b2a

SHA512
dca35f17fc2061dab01db884f532f0b17b3150011bfc414cee2d880d7985136c18bc989f8e151be3b222c3f7defb5afccd714927fb515b7d0daf774ffe9e950f

Download Submit
C:\Users\Admin\Desktop\RevokeRedo.docx.lockbit

Filesize
20KB

MD5
7246fe398071fa2317123496d7c769c7

SHA1
93665d6988307b42755cb701cd565375a87c7704

SHA256
5a940d4cc76c0bbf31bb55e415eb9fe226f8487f7a96c753551b9c6202ed5e6d

SHA512
09bc161eec3a73d7f300da2963a9f9f7002aaa940f02e560726ae1d964cf4f0f93dbf81e88e3b7328df94d694b037d664fa38306486f550d885fe038549d5b39

Download Submit
C:\Users\Admin\Desktop\SkipRedo.vssm.lockbit

Filesize
545KB

MD5
11bfa69db64b7a5e68f1bc8720328ae6

SHA1
ac826d0c5f19d338335b8b787efe0ff7d567e9cc

SHA256
c8ffb02986a0d06f00a8e2c9cca69139fb9d78dea40021f082bca572e604a5f3

SHA512
31d6675b99f8654ba46e1f9a3c2b8c6c5aba84d6c1876df424a4c28f001ace02bd86dcb8450d04b92f9ca8f0e7b456497b47e96daed6fbc12c19e1c919e3eabb

Download Submit
C:\Users\Admin\Desktop\SwitchInstall.jpe.lockbit

Filesize
418KB

MD5
1c115a14279cd9b784126e1e98236987

SHA1
545fdb4fad39f9b6c725654f008c811367c36a6f

SHA256
ef617e67caf8229d6121c188b59732ce26854f96ce54dc7169605721d9c96585

SHA512
5a60db2cecd5b7d2090d0791381a061e646f9bdc3acf794f9357b75a163a9a6ecd0a49fcff0f855d3a53d03a0dcbe0afb7a07fad90d902315a497c90f4c4b13b

Download Submit
C:\Users\Admin\Desktop\TraceDismount.dotx.lockbit

Filesize
636KB

MD5
a615091a1c2c1f51c3bf5d02d298e337

SHA1
b5e14ca3cc28d15fd6e3b6cd00c4f290593d301b

SHA256
ed1b57528be8d3f1c0af450dac238e32757a1c2948f8fda7c02d2ae3c0dbd329

SHA512
e4da8b9478c574fdeacf564c7b8d7259e5959120d227c0bbca45c5a9463e05051fb7f0794524a175fb909be68b6754806c262ffd505c73d28b3310bdde858ce1

Download Submit
C:\Users\Admin\Desktop\UnblockUnprotect.vbs.lockbit

Filesize
436KB

MD5
ca2c324086b7bfc9d633f3f452753ea2

SHA1
ae28ad52906786693062cca89d1a36a09046c8c8

SHA256
33393f12edd5bc7831de6ee3b2c7a4d0bf7963f973351324dd204b3420425831

SHA512
496fe22b3418e9157388470332bbf0e184c94af3479a8f504c78d8151b2bf46c4334273a934ca0acaadf269870cbfbf56b722f43d93e71df2ae2cfea7b383ddc

Download Submit