Resubmissions

28-07-2024 16:38

240728-t5tryssgmm 10

07-07-2024 14:07

240707-rfgd8atekm 10

07-07-2024 14:07

240707-re689awdpe 10

13-09-2022 17:54

220913-wg1lpsgbg7 10

Analysis

  • max time kernel
    721s
  • max time network
    729s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    07-07-2024 14:07

General

  • Target

    RansomwareSamples/LockBit_14_02_2021_146KB.exe

  • Size

    146KB

  • MD5

    69bec32d50744293e85606a5e8f80425

  • SHA1

    101b90ac7e0c2a8b570686c13dfa0e161ddd00e0

  • SHA256

    95739e350d7f2aca2c609768ee72ad67fcf05efca5c7ad8df3027c82b9c454cf

  • SHA512

    e01f976fcbfa67cfd6e97855d07350a27b67fcc825d4e813ac9d2f4e8f464bb4f8bbbbe58a26bc27e78fa15db0ee5271e8f041dd72f036c11964eb1c591b438f

  • SSDEEP

    3072:V6ZkRGjkBrmKmY99UpkD1/34bIpVSrtLmqc2LVMMqqD/h2LuTeONA5tIHVcH:IS9rLPPUpa3VVEtLXcCqqD/hOQnaMcH

Malware Config

Extracted

Path

C:\Program Files\DVD Maker\de-DE\Restore-My-Files.txt

Family

lockbit

Ransom Note
All your important files are encrypted! Any attempts to restore your files with the thrid-party software will be fatal for your files! RESTORE YOU DATA POSIBLE ONLY BUYING private key from us. There is only one way to get your files back: 1) Through a standard browser(FireFox, Chrome, Edge, Opera) | 1. Open link http://lockbit-decryptor.top/?BC76D224712A7481B70BC0102B4CD3C9 | 2. Follow the instructions on this page 2) Through a Tor Browser - recommended | 1. Download Tor browser - https://www.torproject.org/ and install it. | 2. Open link in TOR browser - http://lockbitks2tvnmwk.onion/?BC76D224712A7481B70BC0102B4CD3C9 This link only works in Tor Browser! | 3. Follow the instructions on this page ### Attention! ### # lockbit-decryptor.top may be blocked. We recommend using a Tor browser to access the site # Do not rename encrypted files. # Do not try to decrypt using third party software, it may cause permanent data loss. # Decryption of your files with the help of third parties may cause increased price(they add their fee to our). # Tor Browser may be blocked in your country or corporate network. Use https://bridges.torproject.org or use Tor Browser over VPN. # Tor Browser user manual https://tb-manual.torproject.org/about
URLs

http://lockbit-decryptor.top/?BC76D224712A7481B70BC0102B4CD3C9

http://lockbitks2tvnmwk.onion/?BC76D224712A7481B70BC0102B4CD3C9

Extracted

Path

C:\Users\Admin\Desktop\LockBit-note.hta

Ransom Note
Lock BIT Any attempts to restore your files with the thrid-party software will be fatal for your files! Restore you data posible only buying private key from us. There is only one way to get your files back: Through a standard browser Open link - http://lockbit-decryptor.top/?BC76D224712A7481B70BC0102B4CD3C9 Follow the instructions on this page Through a recommended Download Tor Browser - https://www.torproject.org/ and install it. Open link in Tor Browser - http://lockbitks2tvnmwk.onion/?BC76D224712A7481B70BC0102B4CD3C9 This link only works in Tor Browser! Follow the instructions on this page Lockbit-decryptor.com may be blocked. We recommend using a Tor browser to access the site Do not rename encrypted files. Do not try to decrypt using third party software, it may cause permanent data loss. Decryption of your files with the help of third parties may cause increased price (they add their fee to our). Tor Browser may be blocked in your country or corporate network. Use https://bridges.torproject.org or use Tor Browser over VPN. Tor Browser user manual https://tb-manual.torproject.org/about
URLs

http://lockbit-decryptor.top/?BC76D224712A7481B70BC0102B4CD3C9

http://lockbitks2tvnmwk.onion/?BC76D224712A7481B70BC0102B4CD3C9

Signatures

  • Lockbit

    Ransomware family with multiple variants released since late 2019.

  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

  • Modifies boot configuration data using bcdedit 1 TTPs 2 IoCs
  • Renames multiple (9353) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Deletes backup catalog 3 TTPs 1 IoCs

    Uses wbadmin.exe to inhibit system recovery.

  • Deletes itself 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Interacts with shadow copies 3 TTPs 1 IoCs

    Shadow copies are often targeted by ransomware to inhibit system recovery.

  • Modifies Control Panel 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 48 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 17 IoCs
  • Suspicious use of WriteProcessMemory 55 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Users\Admin\AppData\Local\Temp\RansomwareSamples\LockBit_14_02_2021_146KB.exe
    "C:\Users\Admin\AppData\Local\Temp\RansomwareSamples\LockBit_14_02_2021_146KB.exe"
    1⤵
    • Adds Run key to start application
    • Enumerates connected drives
    • Sets desktop wallpaper using registry
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Program Files directory
    • Modifies Control Panel
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2536
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2156
      • C:\Windows\system32\vssadmin.exe
        vssadmin delete shadows /all /quiet
        3⤵
        • Interacts with shadow copies
        PID:2364
      • C:\Windows\System32\Wbem\WMIC.exe
        wmic shadowcopy delete
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:1240
      • C:\Windows\system32\bcdedit.exe
        bcdedit /set {default} bootstatuspolicy ignoreallfailures
        3⤵
        • Modifies boot configuration data using bcdedit
        PID:1632
      • C:\Windows\system32\bcdedit.exe
        bcdedit /set {default} recoveryenabled no
        3⤵
        • Modifies boot configuration data using bcdedit
        PID:1364
      • C:\Windows\system32\wbadmin.exe
        wbadmin delete catalog -quiet
        3⤵
        • Deletes backup catalog
        PID:2280
    • C:\Windows\SysWOW64\mshta.exe
      "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\LockBit-note.hta"
      2⤵
      • Checks whether UAC is enabled
      • Modifies Internet Explorer settings
      • Suspicious use of WriteProcessMemory
      PID:2204
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://lockbit-decryptor.top/?BC76D224712A7481B70BC0102B4CD3C9
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2944
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2944 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2588
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2944 CREDAT:406530 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:304
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2944 CREDAT:406536 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2276
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /C ping 127.0.0.7 -n 3 > Nul & fsutil file setZeroData offset=0 length=524288 "C:\Users\Admin\AppData\Local\Temp\RansomwareSamples\LockBit_14_02_2021_146KB.exe" & Del /f /q "C:\Users\Admin\AppData\Local\Temp\RansomwareSamples\LockBit_14_02_2021_146KB.exe"
      2⤵
      • Deletes itself
      • Suspicious use of WriteProcessMemory
      PID:1856
      • C:\Windows\SysWOW64\PING.EXE
        ping 127.0.0.7 -n 3
        3⤵
        • Runs ping.exe
        PID:1716
      • C:\Windows\SysWOW64\fsutil.exe
        fsutil file setZeroData offset=0 length=524288 "C:\Users\Admin\AppData\Local\Temp\RansomwareSamples\LockBit_14_02_2021_146KB.exe"
        3⤵
        PID:984
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2804
  • C:\Windows\system32\wbengine.exe
    "C:\Windows\system32\wbengine.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2716
  • C:\Windows\System32\vdsldr.exe
    C:\Windows\System32\vdsldr.exe -Embedding
    1⤵
    PID:2568
  • C:\Windows\System32\vds.exe
    C:\Windows\System32\vds.exe
    1⤵
    PID:3008
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2476
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2476 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1244

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files\DVD Maker\de-DE\Restore-My-Files.txt

    Filesize

    1KB

    MD5

    17b0fa1045c1b269746ad701222d5052

    SHA1

    b32e12d5e403cb4c18ba5c9f55f99ab30cffc860

    SHA256

    61e00aa417f660363fdbaca3227299dd9d460b09225f3ff374e170c1fde0e5f6

    SHA512

    9a33a22da6a801856ddaced24daa48058f9c081d92babbcd4bfc5c8169a753dfbecdc3ad9cc516c04ea324d84297cc84b6ea3ded804928d046d264901be096b4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565

    Filesize

    471B

    MD5

    0c72d9fbcec63f975afdf78bd316b381

    SHA1

    095fa4fed3e700b5b03f32e80969f44621f35fe6

    SHA256

    d6be429adba22744c961d0376634cc69c3adf54f39670568bbd8eb49b1ec69cd

    SHA512

    6d0e0865700588bb8a2c05138e1aed9b98aa58c28e0141480e09709cd712b863f2b8473f7d6cfbb64c8df245549817018e4c9ab7bef3fb3c39a1314d3658cb6a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e8de5881991a61fe286c0ad448a16e0b

    SHA1

    a342c3383c4fdc5f668ef8a1669b78c0f7114585

    SHA256

    a6b8bd05d45654f8ff73f66b190dc80e400f1dae45f24007531ce9930b75f97c

    SHA512

    48d58169b75cbe3596a37970a34b320d859717146e3c7cd84817e7ba5bcf202488a98effc55409ac7a43f5d211cc68c139d48069f325f9f4d7fd9c2ab9df90fa

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    dbc9a66fbad9fdf757bbdee88b815eb7

    SHA1

    f93b08498644d8b6d7ff3bb0067d15e8389a81ed

    SHA256

    1eda3368b3f6a897bf16d2be0e6ecddeedcb2bc9402f8638a970927b5a6c208b

    SHA512

    fb78ca775903ad5f2553038ad42d9f4735a199f66cac2b94774575825a3450458cdae08d17adb6aa1c380ccc9168c885150451ba76045cf7d150327cf61e9672

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    5fd442f3095a9b031349795a41ea1c83

    SHA1

    7210389d21055360150a8596f7952b3002fb14ab

    SHA256

    6d46ca18132731e0615564e6b445d4f078d12a4518cab522a04030722ae29461

    SHA512

    5877362c0f8542e75647da41f1358566baff3e82ffb5879b795240e636d01485e2593730f1db69fb5ced2624faf4d1fd7e82cb457d0f3f818347e04376194ebd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c3de061e343fecef890fe48d776469d9

    SHA1

    4f5d6f5e1cdb19ec87231e8ade3a756c38fafa1d

    SHA256

    715cc85b6dacbaad0aab6ed0f7332a99ee0706405162615c42a20666cd13721c

    SHA512

    511f2dd94cd6b636f905a48fd8607d98b9bca8fcbb4a132d9080fd8a2e7ed4c25522f6aea570ea46a860bc2332653f9a2ac0b1c72a5ee3dddcc39c99783e7b20

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    6721cfdea794e3f5d422c785d2fee4d6

    SHA1

    9856606f74f4a4c3141a42920fd7bbfeba26b507

    SHA256

    f78c7e348b6cfffae8c719ffb2cd6607d21fc5456f0e1b606aa3091077c96705

    SHA512

    ea21d0d519dfda02b0d47420cb1e261008490e6d5d168e2f1225682e3e7e38771fc9eb3f0f0d22641df170b3f4326715604f9c2d13dc34676192809273c5dd3f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    de690175395aa96e75193de777a432a5

    SHA1

    16475aad3249d5d1198966006e014c2fe746de69

    SHA256

    f1b3515f209dcb09345e3ee7da8494204c2ec5320cf78c6b2d587372b3f14a40

    SHA512

    bc7305e065857f3b17e1c0433c9a156cca10b594f1053bfc8e5ddf6c23d9b3fdfead0f54f557b47a526539b0f710b499a3b8dfe7397e619b29a850dccb432d68

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    98a43c01ecdea53dc6272a29f932ea77

    SHA1

    acc102ea5d4e45ebd067bff536ee0b78f8318fbe

    SHA256

    c1d933d68a9f20f4a72196a278bc4b4e54acd2cdb33e82c56de85447dfe174cf

    SHA512

    7a72555902a9c694ce46ca1e9bd4fa0f4109f7bbdadb05fad53909b3cfbd4bd074fe1e8b2cec6a4276494399ac340b0daf026eaadfacb73ecc6c88308651980c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    4d0f9702506dab91a5b07adf0a50cf4e

    SHA1

    cefddf701022806fa22f4b6b066ea1ed921415ec

    SHA256

    ca8367c1d02d51f04e55b6cb7412d5077d311e6e95d88a7345394770e155a0c2

    SHA512

    6638eb56edce161b675eec8afc5191d2efc0a8c4984219206278a10b86f80dda444bcd5106c3df739feab6dc6bcecdbd8004d2df31a7788071bdbfdebb293517

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8517e007bbce028f0720bd0dcb6f3102

    SHA1

    daf7b9b592e5245fe42e3ab38e1002c358e98b1f

    SHA256

    fb6a246b99abb3a41834d07b468e4e82f458445d3accb1661769e3cf69fa8aa2

    SHA512

    030da1f7719ba7edc69c6078a97d6cc065d394c95f2bc80927c3cb8224d24041e77d41c9e69dae987b3b8a3279ba87d504a95286824773a178fc29744f919296

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565

    Filesize

    404B

    MD5

    e4a063d15377c14c58f697b18294f840

    SHA1

    d60abe15f7f5912e085b06a0ac85208f39c1044a

    SHA256

    cfe75248b91bcd4f680e9cea7793a0ce6ad58dedf87e76ea6e7c11f7f8934750

    SHA512

    f49275495d5c67fb42d2858f835b3e4fdabd6d740de40cb14c962d2ca8b0c78751ad87f9065a213e6be9edacccbe996a4aedbd15f9fe8c3ecc7f0c8684be5f9f

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F8920DC1-3C6A-11EF-B3C2-F67F0CB12BFA}.dat

    Filesize

    5KB

    MD5

    3a7f9c6dd821e7dab473ade7c861849c

    SHA1

    1ff9eb8cedb412fa45cf4472800d509f3bb040b7

    SHA256

    edbd0f70935384c131a622a030fe89ede646ed58bece908cc19fb050341f39b8

    SHA512

    5bbcb588aadba14af274eccef2d9a30461292e12e62aa8c1e5c02aedcdd3f83ae86e654b4f9d6250879272fa821d4b5c9ca490665e57d6600e8ca96a052b69a4

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F89931E1-3C6A-11EF-B3C2-F67F0CB12BFA}.dat

    Filesize

    4KB

    MD5

    3460aedc76b09336d0d5b94897ce4536

    SHA1

    efbe6b4abc14dd241f5e52cee7003c7c4eacec98

    SHA256

    96d76246b3ddba3c3d03db458da03301196e97d7679766a7bae52105cd319e77

    SHA512

    fc3775bc86c54866706bd22c6f6aa7f3fcec2a7559c459efcb51506285188da4142c3088d237c0b0d1be3b4ff4a4302bd7b6a97c60bfccac39ff2e6f9583d6ac

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z7V06J7Q\favicon[1].htm

    Filesize

    1KB

    MD5

    25193e2daa30cbf7c682d7704d415a13

    SHA1

    ed1c44d4224fdeace8da8a210c478fc4f480a854

    SHA256

    fd722defe76c2e26ff1e755658a56add096b2a2766d6dd1332dd8a16200b17e5

    SHA512

    56738696ee98fe10a64ba6ef98502312549ca1830939e60b7d549f56bfbd0fe87096fa9d5abad13ff7b96b4364487be60b732f814a47a97ffab5af4fde933847

  • C:\Users\Admin\AppData\Local\Temp\CabD1B.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\TarFC4B.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • C:\Users\Admin\Desktop\LockBit-note.hta

    Filesize

    17KB

    MD5

    4e3ca1628e79f93246cd04a7c97eb289

    SHA1

    5a77cf7807abd81cb04e1ab2781f37e87898f5b6

    SHA256

    93438b582c9131a7dc90a318097cecb043b44ec1f4ff14596ed16020276c6009

    SHA512

    e09c7b0ca2fbbbe414035d040fb99c1b86649528dae964a957d6020a8255525ce3e0f1f525d7ce58280fd9c237782b20879cbdf6d496ff183c3f10fee0762974

  • memory/2204-10161-0x0000000002E60000-0x0000000002E62000-memory.dmp

    Filesize

    8KB