General Info

File name

LockCrypt2.0.exe

Full analysis
https://app.any.run/tasks/4ca293bd-1a0d-4dec-9d06-824609181fb6
Verdict
Malicious activity
Analysis date
15/01/2022, 01:22:33
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

ransomware

Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

f1927e7f90416bf39fc7991bbc57e1b3

SHA1

2367249568ca4a34f8824a9313b03d16d1d7c0bc

SHA256

539b0b5d54757e8a2b754ecdc2939eb7cf9db0ed1728e0eca407500222668505

SSDEEP

192:yrj2/2OzcYKNEmkmTjtiIKZIF/2oQlLkMBBm4C:j/2OzcJNEmkmTjkI/92oQjBU7

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
120 seconds
Additional time used
60 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 11.0.9600.19596 KB4534251
  • Adobe Acrobat Reader DC (20.013.20064)
  • Adobe Flash Player 32 ActiveX (32.0.0.453)
  • Adobe Flash Player 32 NPAPI (32.0.0.453)
  • Adobe Flash Player 32 PPAPI (32.0.0.453)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.74)
  • FileZilla Client 3.51.0 (3.51.0)
  • Google Chrome (86.0.4240.198)
  • Google Update Helper (1.3.36.31)
  • Java 8 Update 271 (8.0.2710.9)
  • Java Auto Updater (2.8.271.9)
  • Microsoft .NET Framework 4.5.2 (4.5.51209)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
  • Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 83.0 (x86 en-US) (83.0)
  • Mozilla Maintenance Service (83.0.0.7621)
  • Notepad++ (32-bit x86) (7.9.1)
  • Opera 12.15 (12.15.1748)
  • QGA (2.14.33)
  • Skype version 8.29 (8.29)
  • VLC media player (3.0.11)
  • WinRAR 5.91 (32-bit) (5.91.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Hyphenation Parent Package English
  • IE Spelling Parent Package English
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • InternetExplorer Package TopLevel
  • KB2479943
  • KB2491683
  • KB2506212
  • KB2506928
  • KB2532531
  • KB2533552
  • KB2533623
  • KB2534111
  • KB2545698
  • KB2547666
  • KB2552343
  • KB2560656
  • KB2564958
  • KB2574819
  • KB2579686
  • KB2585542
  • KB2604115
  • KB2620704
  • KB2621440
  • KB2631813
  • KB2639308
  • KB2640148
  • KB2653956
  • KB2654428
  • KB2656356
  • KB2660075
  • KB2667402
  • KB2676562
  • KB2685811
  • KB2685813
  • KB2685939
  • KB2690533
  • KB2698365
  • KB2705219
  • KB2719857
  • KB2726535
  • KB2727528
  • KB2729094
  • KB2729452
  • KB2731771
  • KB2732059
  • KB2736422
  • KB2742599
  • KB2750841
  • KB2758857
  • KB2761217
  • KB2770660
  • KB2773072
  • KB2786081
  • KB2789645
  • KB2799926
  • KB2800095
  • KB2807986
  • KB2808679
  • KB2813347
  • KB2813430
  • KB2820331
  • KB2834140
  • KB2836942
  • KB2836943
  • KB2840631
  • KB2843630
  • KB2847927
  • KB2852386
  • KB2853952
  • KB2857650
  • KB2861698
  • KB2862152
  • KB2862330
  • KB2862335
  • KB2864202
  • KB2868038
  • KB2871997
  • KB2872035
  • KB2884256
  • KB2891804
  • KB2893294
  • KB2893519
  • KB2894844
  • KB2900986
  • KB2908783
  • KB2911501
  • KB2912390
  • KB2918077
  • KB2919469
  • KB2923545
  • KB2931356
  • KB2937610
  • KB2943357
  • KB2952664
  • KB2968294
  • KB2970228
  • KB2972100
  • KB2972211
  • KB2973112
  • KB2973201
  • KB2977292
  • KB2978120
  • KB2978742
  • KB2984972
  • KB2984976
  • KB2984976 SP1
  • KB2985461
  • KB2991963
  • KB2992611
  • KB2999226
  • KB3004375
  • KB3006121
  • KB3006137
  • KB3010788
  • KB3011780
  • KB3013531
  • KB3019978
  • KB3020370
  • KB3020388
  • KB3021674
  • KB3021917
  • KB3022777
  • KB3023215
  • KB3030377
  • KB3031432
  • KB3035126
  • KB3037574
  • KB3042058
  • KB3045685
  • KB3046017
  • KB3046269
  • KB3054476
  • KB3055642
  • KB3059317
  • KB3060716
  • KB3061518
  • KB3067903
  • KB3068708
  • KB3071756
  • KB3072305
  • KB3074543
  • KB3075226
  • KB3078667
  • KB3080149
  • KB3086255
  • KB3092601
  • KB3093513
  • KB3097989
  • KB3101722
  • KB3102429
  • KB3102810
  • KB3107998
  • KB3108371
  • KB3108664
  • KB3109103
  • KB3109560
  • KB3110329
  • KB3115858
  • KB3118401
  • KB3122648
  • KB3123479
  • KB3126587
  • KB3127220
  • KB3133977
  • KB3137061
  • KB3138378
  • KB3138612
  • KB3138910
  • KB3139398
  • KB3139914
  • KB3140245
  • KB3147071
  • KB3150220
  • KB3150513
  • KB3155178
  • KB3156016
  • KB3159398
  • KB3161102
  • KB3161949
  • KB3170735
  • KB3172605
  • KB3179573
  • KB3184143
  • KB3185319
  • KB4019990
  • KB4040980
  • KB4474419
  • KB4490628
  • KB4524752
  • KB4532945
  • KB4536952
  • KB4567409
  • KB958488
  • KB976902
  • KB982018
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • Package 21 for KB2984976
  • Package 38 for KB2984976
  • Package 45 for KB2984976
  • Package 59 for KB2984976
  • Package 7 for KB2984976
  • Package 76 for KB2984976
  • PlatformUpdate Win7 SRV08R2 Package TopLevel
  • ProfessionalEdition
  • RDP BlueIP Package TopLevel
  • RDP WinIP Package TopLevel
  • RollupFix
  • UltimateEdition
  • WUClient SelfUpdate ActiveX
  • WUClient SelfUpdate Aux TopLevel
  • WUClient SelfUpdate Core TopLevel
  • WinMan WinIP Package TopLevel

Behavior activities

MALICIOUS SUSPICIOUS INFO
Changes the autorun value in the registry
  • LockCrypt2.0.exe (PID: 3560)
UAC/LUA settings modification
  • LockCrypt2.0.exe (PID: 3560)
Deletes shadow copies
  • cmd.exe (PID: 3680)
Reads the computer name
  • LockCrypt2.0.exe (PID: 3560)
Checks supported languages
  • LockCrypt2.0.exe (PID: 3560)
  • cmd.exe (PID: 3680)
Creates files in the user directory
  • LockCrypt2.0.exe (PID: 3560)
Starts CMD.EXE for commands execution
  • LockCrypt2.0.exe (PID: 3560)
Creates files in the program directory
  • LockCrypt2.0.exe (PID: 3560)
Writes to a desktop.ini file (may be used to cloak folders)
  • LockCrypt2.0.exe (PID: 3560)
Executable content was dropped or overwritten
  • LockCrypt2.0.exe (PID: 3560)
Drops a file that was compiled in debug mode
  • LockCrypt2.0.exe (PID: 3560)
Creates files like Ransomware instruction
  • LockCrypt2.0.exe (PID: 3560)
Reads the computer name
  • vssadmin.exe (PID: 2676)
Checks supported languages
  • vssadmin.exe (PID: 2676)

Static information

TRiD
.dll | Win32 Dynamic Link Library (generic) (43.5%)
.exe | Win32 Executable (generic) (29.8%)
.exe | Generic Win/DOS Executable (13.2%)
.exe | DOS Executable Generic (13.2%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2018:09:21 10:54:13+02:00
PEType:
PE32
LinkerVersion:
5.12
CodeSize:
4608
InitializedDataSize:
6656
UninitializedDataSize:
null
EntryPoint:
0x1000
OSVersion:
4
ImageVersion:
4
SubsystemVersion:
4
Subsystem:
Windows GUI
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
21-Sep-2018 08:54:13
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x000000C0
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
3
Time date stamp:
21-Sep-2018 08:54:13
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
Sections
Name Virtual Address Virtual Size Raw Size Characteristics Entropy
.text 0x00001000 0x000010D4 0x00001200 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 5.58282
.rdata 0x00003000 0x000004CC 0x00000600 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 4.3256
.data 0x00004000 0x00001390 0x00000C00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 7.93331
Resources

No resources.

Imports
    kernel32.dll

    advapi32.dll

Exports

    No exports.

Processes

Total processes
39
Monitored processes
3
Malicious processes
2
Suspicious processes
0

Behavior graph

lockcrypt2.0.exe → cmd.exe (no specs) → vssadmin.exe (no specs)

Process information

PID
3560
CMD
"C:\Users\admin\AppData\Local\Temp\LockCrypt2.0.exe"
Path
C:\Users\admin\AppData\Local\Temp\LockCrypt2.0.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Description
Version
Modules
Image
c:\windows\system32\cryptbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\profapi.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\temp\lockcrypt2.0.exe
c:\windows\system32\sechost.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\lpk.dll
c:\windows\system32\ole32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\propsys.dll
c:\windows\system32\drprov.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\version.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\wininet.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mpr.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\netutils.dll
c:\windows\system32\imm32.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\cscapi.dll

PID
3680
CMD
"C:\Windows\system32\cmd.exe" /c vssadmin delete shadows /all
Path
C:\Windows\system32\cmd.exe
Indicators
No indicators
Parent process
LockCrypt2.0.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\ntdll.dll
c:\windows\system32\user32.dll
c:\windows\system32\vssadmin.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msctf.dll
c:\windows\system32\lpk.dll
c:\windows\system32\imm32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\usp10.dll
c:\windows\system32\cmd.exe
c:\windows\system32\gdi32.dll
c:\windows\system32\kernelbase.dll

PID
2676
CMD
vssadmin delete shadows /all
Path
C:\Windows\system32\vssadmin.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Command Line Interface for Microsoft® Volume Shadow Copy Service
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\sechost.dll
c:\windows\system32\vssadmin.exe
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\atl.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\user32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll

Registry activity

Total events
484
Read events
0
Write events
15
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
3560
LockCrypt2.0.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
unlock
"c:\How To Restore Files.txt"
3560
LockCrypt2.0.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
searchfiles
C:\windows\searchfiles.exe
3560
LockCrypt2.0.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyBypass
1
3560
LockCrypt2.0.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime
orsa
3560
LockCrypt2.0.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
ConsentPromptBehaviorAdmin
0
3560
LockCrypt2.0.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
IntranetName
1
3560
LockCrypt2.0.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime
rsa
3560
LockCrypt2.0.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
PromptOnSecureDesktop
0
3560
LockCrypt2.0.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
1
3560
LockCrypt2.0.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
0
3560
LockCrypt2.0.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
EnableLUA
0

Files activity

Executable files
4
Suspicious files
10
Text files
60
Unknown types
2

Dropped files

PID
Process
Filename
Type
3560
LockCrypt2.0.exe
C:\MSOCache\All Users\{90140000-0018-040C-0000-0000000FF1CE}-C\PowerPointMUI.msi id-tHjh8mD+GM1VFZkI.BDKR
executable
MD5: ee74d8e45cd2b619f05946c3c52386d3
SHA256: 6ad99fbea1e936daed3236197b516a3430b3ac355a532ea8242feb3f17b25b61
3560
LockCrypt2.0.exe
C:\MSOCache\All Users\{90140000-0018-041F-0000-0000000FF1CE}-C\PowerPointMUI.msi id-tHjh8mD+GM1VFZkI.BDKR
executable
MD5: 4f841673b11cd85451ab1ede79a5ab91
SHA256: edd3803a85dd995ba1851ce0b1bc602448643de4e6ef82e7032402d3428a0125
3560
LockCrypt2.0.exe
C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\PowerPointMUI.msi id-tHjh8mD+GM1VFZkI.BDKR
executable
MD5: d10154e516838bb86fd8491dfbdd1f59
SHA256: ace07aa366fb84193a02baadc3529f9384b48aa453f71ab9be4e5ae41a7330c0
3560
LockCrypt2.0.exe
C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\RdrServicesUpdater2.exe id-tHjh8mD+GM1VFZkI.BDKR
executable
MD5: d446f5e746e4c7ff5ffb6f9d4d0808ff
SHA256: 74ddd4873cc1aefd434287d58b8be35657289b80f16b0e1d79a3ab87105257ca
3560
LockCrypt2.0.exe
C:\MSOCache\All Users\{90140000-001A-0407-0000-0000000FF1CE}-C\OutlkLR.cab id-tHjh8mD+GM1VFZkI.BDKR
––
MD5:  ––
SHA256:  ––
3560
LockCrypt2.0.exe
C:\MSOCache\All Users\{90140000-0018-0407-0000-0000000FF1CE}-C\How To Restore Files.txt
text
MD5: 7c533437c388c23ef70cd74ab2ac4501
SHA256: 770029cac4d2527abcc9f9b99aa3c9f7340605b5022f0d50260c8b8b5cef0c70
3560
LockCrypt2.0.exe
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\How To Restore Files.txt
text
MD5: 7c533437c388c23ef70cd74ab2ac4501
SHA256: 770029cac4d2527abcc9f9b99aa3c9f7340605b5022f0d50260c8b8b5cef0c70
3560
LockCrypt2.0.exe
C:\Users\Public\How To Restore Files.txt
text
MD5: 7c533437c388c23ef70cd74ab2ac4501
SHA256: 770029cac4d2527abcc9f9b99aa3c9f7340605b5022f0d50260c8b8b5cef0c70
3560
LockCrypt2.0.exe
C:\MSOCache\All Users\{90140000-001A-0410-0000-0000000FF1CE}-C\How To Restore Files.txt
text
MD5: 7c533437c388c23ef70cd74ab2ac4501
SHA256: 770029cac4d2527abcc9f9b99aa3c9f7340605b5022f0d50260c8b8b5cef0c70
3560
LockCrypt2.0.exe
C:\MSOCache\All Users\{90140000-0018-0410-0000-0000000FF1CE}-C\How To Restore Files.txt
text
MD5: 7c533437c388c23ef70cd74ab2ac4501
SHA256: 770029cac4d2527abcc9f9b99aa3c9f7340605b5022f0d50260c8b8b5cef0c70
3560
LockCrypt2.0.exe
C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\How To Restore Files.txt
text
MD5: 7c533437c388c23ef70cd74ab2ac4501
SHA256: 770029cac4d2527abcc9f9b99aa3c9f7340605b5022f0d50260c8b8b5cef0c70
3560
LockCrypt2.0.exe
C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp id-tHjh8mD+GM1VFZkI.BDKR
text
MD5: bff1eba7041af7b373f4906b4d44ed5f
SHA256: d93620ffe3acd8ffd6318402604f9269ddb14f558912602fd0faa4652491cc08
3560
LockCrypt2.0.exe
C:\MSOCache\All Users\{90140000-0017-0407-0000-0000000FF1CE}-C\Setup.xml id-tHjh8mD+GM1VFZkI.BDKR
xml
MD5: 9194cbc3737156e2863f1fc2812e902b
SHA256: ca0a2b8a08d235d7c48180899e3354541103c44b90be8f0f8be19c4948b4b728
3560
LockCrypt2.0.exe
C:\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\How To Restore Files.txt
text
MD5: 7c533437c388c23ef70cd74ab2ac4501

Find more information about the static content and download it in the full report

Network activity

HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

No network activity.

Debug output strings

No debug info.