File name: Lockbit 3.0.rar

Full analysis: https://app.any.run/tasks/8209f733-27d7-444c-add5-e9a18a96c9a0
Verdict: Malicious activity
Threats:

LockBit, a ransomware variant, encrypts data on infected machines and demands a ransom payment for decryption. Used in targeted attacks, it is a significant risk to organizations.

Analysis date: March 03, 2024, 18:44:45
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: ransomware, lockbit
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5: FEB587492965E27725F12CEBFE9C0F63
SHA1: 043FA82CD179A0C0D33D958534D0AC4A266AF4FE
SHA256: 41A698EB7C58022975DDB16D80E444234A71B1A3DFB3E017AD80A6AC8C541063
SSDEEP: 98304:SHa1WDt8gGmfDa1fkRm6YF92H0TJ6FvJ9OIlpYUIdL0hi3UIYEJWxJXk783f3xKy:OUbnW27w50JU

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 3672)
      • builder.exe (PID: 1584)
      • builder.exe (PID: 2588)
      • builder.exe (PID: 3036)
      • builder.exe (PID: 296)
      • builder.exe (PID: 2348)
      • builder.exe (PID: 128)
      • LB3.exe (PID: 1264)
      • npp.8.6.2.Installer.exe (PID: 2060)
      • GUP.exe (PID: 1168)
    • Steals credentials from Web Browsers

      • LB3.exe (PID: 1264)
    • Known privilege escalation attack

      • dllhost.exe (PID: 1820)
    • [YARA] LockBit is detected

      • LB3.exe (PID: 1264)
    • Creates a writable file in the system directory

      • LB3.exe (PID: 1264)
      • printfilterpipelinesvc.exe (PID: 2296)
    • Renames files like ransomware

      • LB3.exe (PID: 1264)
    • Registers / Runs the DLL via REGSVR32.EXE

      • npp.8.6.2.Installer.exe (PID: 2060)
    • Actions looks like stealing of personal data

      • LB3.exe (PID: 1264)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • builder.exe (PID: 128)
      • builder.exe (PID: 1584)
      • builder.exe (PID: 296)
      • builder.exe (PID: 3036)
      • builder.exe (PID: 2348)
      • builder.exe (PID: 2588)
      • npp.8.6.2.Installer.exe (PID: 2060)
      • GUP.exe (PID: 1168)
      • LB3.exe (PID: 1264)
    • The process creates files with name similar to system file names

      • builder.exe (PID: 1584)
      • npp.8.6.2.Installer.exe (PID: 2060)
    • Creates files like ransomware instruction

      • LB3.exe (PID: 1264)
    • Write to the desktop.ini file (may be used to cloak folders)

      • LB3.exe (PID: 1264)
    • Reads security settings of Internet Explorer

      • notepad++.exe (PID: 3012)
      • GUP.exe (PID: 1168)
      • 81E4.tmp (PID: 680)
      • notepad++.exe (PID: 1404)
    • Reads browser cookies

      • LB3.exe (PID: 1264)
    • Changes the desktop background image

      • LB3.exe (PID: 1264)
    • Starts application with an unusual extension

      • LB3.exe (PID: 1264)
    • Reads the Internet Settings

      • printfilterpipelinesvc.exe (PID: 2296)
      • 81E4.tmp (PID: 680)
    • Searches for installed software

      • npp.8.6.2.Installer.exe (PID: 2060)
    • Starts CMD.EXE for commands execution

      • 81E4.tmp (PID: 680)
    • Creates/Modifies COM task schedule object

      • regsvr32.exe (PID: 2992)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • npp.8.6.2.Installer.exe (PID: 2060)
    • Explorer used for Indirect Command Execution

      • explorer.exe (PID: 2884)
    • Creates a software uninstall entry

      • npp.8.6.2.Installer.exe (PID: 2060)
  • INFO

    • Dropped object may contain TOR URL's

      • WinRAR.exe (PID: 3848)
      • npp.8.6.2.Installer.exe (PID: 2060)
      • LB3.exe (PID: 1264)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3848)
      • WinRAR.exe (PID: 3964)
    • Manual execution by a user

      • WinRAR.exe (PID: 2036)
      • WinRAR.exe (PID: 3964)
      • WinRAR.exe (PID: 3848)
      • {04830965-76E6-6A9A-8EE1-6AF7499C1D08}.exe (PID: 2440)
      • cmd.exe (PID: 2040)
      • cmd.exe (PID: 480)
      • LB3.exe (PID: 3172)
      • notepad++.exe (PID: 3012)
      • LB3Decryptor.exe (PID: 1496)
      • LB3Decryptor.exe (PID: 1560)
      • notepad.exe (PID: 3356)
      • notepad.exe (PID: 3080)
    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 3848)
      • WinRAR.exe (PID: 3964)
    • Checks supported languages

      • keygen.exe (PID: 2760)
      • builder.exe (PID: 1584)
      • builder.exe (PID: 296)
      • builder.exe (PID: 128)
      • builder.exe (PID: 3036)
      • LB3.exe (PID: 3172)
      • builder.exe (PID: 2588)
      • {04830965-76E6-6A9A-8EE1-6AF7499C1D08}.exe (PID: 2440)
      • builder.exe (PID: 2348)
      • LB3.exe (PID: 1264)
      • LB3Decryptor.exe (PID: 1560)
      • npp.8.6.2.Installer.exe (PID: 2060)
      • 81E4.tmp (PID: 680)
      • ONENOTE.EXE (PID: 2780)
    • Reads the computer name

      • LB3.exe (PID: 3172)
      • LB3.exe (PID: 1264)
      • npp.8.6.2.Installer.exe (PID: 2060)
      • 81E4.tmp (PID: 680)
      • ONENOTE.EXE (PID: 2780)
    • Reads the machine GUID from the registry

      • LB3.exe (PID: 3172)
      • LB3.exe (PID: 1264)
      • ONENOTE.EXE (PID: 2780)
    • Reads security settings of Internet Explorer

      • dllhost.exe (PID: 1820)
      • explorer.exe (PID: 2952)
    • Creates files or folders in the user directory

      • LB3.exe (PID: 1264)
      • printfilterpipelinesvc.exe (PID: 2296)
      • npp.8.6.2.Installer.exe (PID: 2060)
    • Creates files in the program directory

      • LB3.exe (PID: 1264)
      • npp.8.6.2.Installer.exe (PID: 2060)
    • Checks transactions between databases Windows and Oracle

      • LB3.exe (PID: 3172)
    • Create files in a temporary directory

      • GUP.exe (PID: 1168)
      • LB3.exe (PID: 1264)
      • npp.8.6.2.Installer.exe (PID: 2060)
      • ONENOTE.EXE (PID: 2780)
    • Reads Environment values

      • npp.8.6.2.Installer.exe (PID: 2060)
      • ONENOTE.EXE (PID: 2780)
    • Reads Microsoft Office registry keys

      • ONENOTE.EXE (PID: 2780)
    • Process checks computer location settings

      • ONENOTE.EXE (PID: 2780)
    • Reads the Internet Settings

      • explorer.exe (PID: 2952)
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
No data.
Total processes: 100
Monitored processes: 35
Malicious processes: 7
Suspicious processes: 1

Behavior graph

start winrar.exe no specs winrar.exe no specs winrar.exe winrar.exe {04830965-76e6-6a9a-8ee1-6af7499c1d08}.exe cmd.exe cmd.exe no specs keygen.exe no specs builder.exe builder.exe builder.exe builder.exe builder.exe builder.exe lb3.exe no specs CMSTPLUA no specs #LOCKBIT lb3.exe notepad.exe no specs notepad.exe no specs notepad++.exe gup.exe printfilterpipelinesvc.exe no specs lb3decryptor.exe no specs lb3decryptor.exe npp.8.6.2.installer.exe no specs npp.8.6.2.installer.exe 81e4.tmp no specs onenote.exe no specs cmd.exe no specs regsvr32.exe no specs explorer.exe no specs explorer.exe no specs notepad++.exe no specs gup.exe notepad++.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID:
128
CMD:
builder -type enc -exe -pubkey Build\pub.key -config config.json -ofile Build\LB3.exe
Path:
C:\Users\admin\Desktop\LockBit-main\LockBit-main\builder.exe
Parent process:
cmd.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\desktop\lockbit-main\lockbit-main\builder.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
PID:
296
CMD:
builder -type dec -privkey Build\priv.key -config config.json -ofile Build\LB3Decryptor.exe
Path:
C:\Users\admin\Desktop\LockBit-main\LockBit-main\builder.exe
Parent process:
cmd.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\desktop\lockbit-main\lockbit-main\builder.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
PID:
480
CMD:
C:\Windows\system32\cmd.exe /c ""C:\Users\admin\Desktop\LockBit-main\LockBit-main\Build.bat" "
Path:
C:\Windows\System32\cmd.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID:
680
CMD:
"C:\ProgramData\81E4.tmp"
Path:
C:\ProgramData\81E4.tmp
Parent process:
LB3.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\programdata\81e4.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll
PID:
1168
CMD:
"C:\Program Files\Notepad++\updater\gup.exe" -v7.91
Path:
C:\Program Files\Notepad++\updater\GUP.exe
Parent process:
notepad++.exe
User:
admin
Company:
Don HO don.h@free.fr
Integrity Level:
MEDIUM
Description:
WinGup for Notepad++
Exit code:
0
Version:
5.11
Modules
Images
c:\program files\notepad++\updater\gup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\notepad++\updater\libcurl.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\wldap32.dll
PID:
1264
CMD:
"C:\Users\admin\Desktop\LockBit-main\LockBit-main\Build\LB3.exe"
Path:
C:\Users\admin\Desktop\LockBit-main\LockBit-main\Build\LB3.exe
Parent process:
dllhost.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\desktop\lockbit-main\lockbit-main\build\lb3.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll
PID:
1404
CMD:
"C:\Program Files\Notepad++\notepad++.exe"
Path:
C:\Program Files\Notepad++\notepad++.exe
Parent process:
explorer.exe
User:
admin
Company:
Don HO don.h@free.fr
Integrity Level:
MEDIUM
Description:
Notepad++
Exit code:
0
Version:
8.6.2
Modules
Images
c:\program files\notepad++\notepad++.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID:
1496
CMD:
"C:\Users\admin\Desktop\LockBit-main\LockBit-main\Build\LB3Decryptor.exe"
Path:
C:\Users\admin\Desktop\LockBit-main\LockBit-main\Build\LB3Decryptor.exe
Parent process:
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
3221226540
Modules
Images
c:\users\admin\desktop\lockbit-main\lockbit-main\build\lb3decryptor.exe
c:\windows\system32\ntdll.dll
PID:
1560
CMD:
"C:\Users\admin\Desktop\LockBit-main\LockBit-main\Build\LB3Decryptor.exe"
Path:
C:\Users\admin\Desktop\LockBit-main\LockBit-main\Build\LB3Decryptor.exe
Parent process:
explorer.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\desktop\lockbit-main\lockbit-main\build\lb3decryptor.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
PID:
1584
CMD:
builder -type enc -dll -pubkey Build\pub.key -config config.json -ofile Build\LB3_Rundll32.dll
Path:
C:\Users\admin\Desktop\LockBit-main\LockBit-main\builder.exe
Parent process:
cmd.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\desktop\lockbit-main\lockbit-main\builder.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
Total events: 17 415
Read events: 16 028
Write events: 1 380
Delete events: 7

Modification events

(PID) Process: (3672) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (3672) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

(PID) Process: (3672) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (3672) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 3
Value: C:\Users\admin\Desktop\phacker.zip

(PID) Process: (3672) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip

(PID) Process: (3672) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip

(PID) Process: (3672) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\Lockbit 3.0.rar

(PID) Process: (3672) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (3672) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (3672) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120
Executable files: 41
Suspicious files: 604
Text files: 1 187
Unknown types: 810

Dropped files

PID: 2036
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\Lockbit-Black-3.0-main\Lockbit-Black-3.0-main\README.md
Type: text
MD5: D8F21BB32D72CA834C905F02A4EFB8F8
SHA256: A312A7D1BE8455B617B7C1463CF48C941E7E4CCD6C4CC912B0F490F4C8B0B3CA

PID: 3964
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\Lockbit-Black-3.0-main\Lockbit-Black-3.0-main\{04830965-76E6-6A9A-8EE1-6AF7499C1D08}\{04830965-76E6-6A9A-8EE1-6AF7499C1D08}.exe
Type: executable
MD5: 38745539B71CF201BB502437F891D799
SHA256: 80E8DEFA5377018B093B5B90DE0F2957F7062144C83A09A56BBA1FE4EDA932CE

PID: 3848
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\LockBit-main\LockBit-main\README.md
Type: text
MD5: DC8D96087E0094C3CC793B3445BEF8DE
SHA256: 64312260BF9F040C92ECE170D05250526F138F059760B8A5B9023D6D38E71DB1

PID: 3848
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\LockBit-main\LockBit-main\keygen.exe
Type: executable
MD5: 71C3B2F765B04D0B7EA0328F6CE0C4E2
SHA256: EA6D4DEDD8C85E4A6BB60408A0DC1D56DEF1F4AD4F069C730DC5431B1C23DA37

PID: 3848
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\LockBit-main\LockBit-main\builder.exe
Type: executable
MD5: C2BC344F6DDE0573EA9ACDFB6698BF4C
SHA256: A736269F5F3A9F2E11DD776E352E1801BC28BB699E47876784B8EF761E0062DB

PID: 128
Process: builder.exe
Filename: C:\Users\admin\Desktop\LockBit-main\LockBit-main\Build\LB3.exe
Type: executable
MD5: 07A93743CA109BC7224386408D694DA0
SHA256: F0571DB909B16394EE213D1368A75E2B24E4EEC1A80B87411B8C6EE304A202B1

PID: 3672
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3672.48592\LockBit-main.zip
Type: compressed
MD5: 68309717A780FD8B4D1A1680874D3E12
SHA256: 707BB3B958FBF4728D8A39B043E8DF083E0FCE1178DAC60C0D984604EC23C881

PID: 2036
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\Lockbit-Black-3.0-main\Lockbit-Black-3.0-main\Threat Spotlight Lockbit Black 3.0 Ransomware.pdf
Type: pdf
MD5: FDA5CFFE58B8FCA9B4638C3BA2BD43AA
SHA256: 146C5F0BB88E0B55A2ABBA9D2F176A7D46BDF9963A90143493C2E740271B99B3

PID: 2760
Process: keygen.exe
Filename: C:\Users\admin\Desktop\LockBit-main\LockBit-main\Build\pub.key
Type: text
MD5: C9D0182D1258B8AF3690DE0D735D8958
SHA256: C4615FE892CC3575AF81A9D92056ADEA7273430AE8F1151B23B9D3E5CB69C805

PID: 3672
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3672.48592\Lockbit-Black-3.0-main.zip
Type: compressed
MD5: 8ED5B7350F54EC24D149C0340ECA0C50
SHA256: 2F0C8E67B946B4472CDA418E6E637E66DC179E92B14F2F5D8A42115A9E61449A
HTTP(S) requests: 1
TCP/UDP connections: 9
DNS requests: 5
Threats: 0

HTTP requests

PID: 488
Process: lsass.exe
Method: GET
HTTP Code: 200
IP: 23.214.95.209:80
URL: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?144111b1a3e00b48
CN: unknown
Type: compressed
Size: 67.5 Kb
Reputation: unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | | | | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | | | | unknown
1168 | GUP.exe | 179.61.189.170:443 | notepad-plus-plus.org | Hostinger International Limited | AE | unknown
488 | lsass.exe | 23.214.95.209:80 | ctldl.windowsupdate.com | AKAMAI-AS | BR | unknown
1168 | GUP.exe | 140.82.121.4:443 | github.com | GITHUB | US | unknown
1168 | GUP.exe | 185.199.110.133:443 | objects.githubusercontent.com | FASTLY | US | unknown
3528 | GUP.exe | 185.77.97.139:443 | notepad-plus-plus.org | Hostinger International Limited | NL | unknown

DNS requests

Domain | IP | Reputation
notepad-plus-plus.org | 179.61.189.170, 185.77.97.139 | whitelisted
ctldl.windowsupdate.com | 23.214.95.209, 23.214.95.202 | whitelisted
github.com | 140.82.121.4 | shared
objects.githubusercontent.com | 185.199.110.133, 185.199.111.133, 185.199.108.133, 185.199.109.133 | shared

Threats

No threats detected
Process | Message
notepad++.exe | VerifyLibrary: C:\Program Files\Notepad++\SciLexer.dll
notepad++.exe | VerifyLibrary: certificate revocation checking is disabled
notepad++.exe | ED255D9151912E40DF048A56288E969A8D0DAFA3
notepad++.exe | VerifyLibrary: C:\Program Files\Notepad++\updater\gup.exe
notepad++.exe | VerifyLibrary: certificate revocation checking is disabled
notepad++.exe | ED255D9151912E40DF048A56288E969A8D0DAFA3
notepad++.exe | VerifyLibrary: certificate revocation checking is disabled
notepad++.exe | ED255D9151912E40DF048A56288E969A8D0DAFA3
notepad++.exe | VerifyLibrary: C:\Program Files\Notepad++\plugins\Config\nppPluginList.dll
notepad++.exe | VerifyLibrary: C:\Program Files\Notepad++\updater\gup.exe