Extracted/injected images (may contain unpacked executables)
Download #1
Match: Create_Service
Match: Network_TCP_Socket
Match: Network_DGA
Match: Str_Win32_Http_API
Match: ScreenShot
Match: Escalate_priviledges
Match: local_credential_Steal
Match: Generic_PWS_Memory_Zero
Match: Sniff_Audio
Match: Network_HTTP
Match: Network_DNS
Match: Code_injection
Match: DebuggerCheck__GlobalFlags
Match: DebuggerCheck__QueryInfo
Match: DebuggerCheck__RemoteAPI
Match: DebuggerHiding__Thread
Match: DebuggerHiding__Active
Match: DebuggerException__ConsoleCtrl
Match: DebuggerException__SetConsoleCtrl
Match: ThreadControl__Context
Match: SEH__vectored
Match: Check_Dlls
Match: anti_dbg
Match: antisb_threatExpert
Match: disable_dep
Match: win_hook
Match: Network_Downloader
Match: Str_Win32_Internet_API
Match: Persistence
Match: Network_FTP
Match: KeyLogger
Match: Network_P2P_Win