7e249f022daa3ae3acd2ba83a5265bdd19c0d31f188a619fa0f1d20d9787356d Recompute SHA-256 over each sealedContent line followed by a newline (UTF-8); the result must equal the stated hash. fixture INCIDENT RESPONSE EVIDENCE CERTIFICATE Template: incident-response Case: Ransomware incident response (CASE-IR) FIR: FIR-2026-77 Analyst: Pallavi Pawar Organisation: Innovativa SoftTech incident.id: INC-2026-0420 incident.type: Ransomware (LockBit variant) incident.detectedAt: 2026-06-18 02:14 IST incident.affectedSystems: 3 file servers, 1 domain controller incident.responder: CSIRT - Innovativa SoftTech SUMMARY files=3 size=163577856 matches=3 mismatches=0 errors=0 ANNEXURE 1. evidence-1.dd | 53477376 | Verified SHA-256=874e9c3ea2b3c4dda2b3c4e5a2b3c4eda2b3c4f5a2b3c4fda2b3c505a2b3c50d 2. evidence-2.dd | 54525952 | Verified SHA-256=913213d9a3b4c5dea3b4c5e6a3b4c5eea3b4c5f6a3b4c5fea3b4c606a3b4c60e 3. evidence-3.dd | 55574528 | Verified SHA-256=9b158b74a4b5c6dfa4b5c6e7a4b5c6efa4b5c6f7a4b5c6ffa4b5c707a4b5c70f VERIFICATION verified=3 failed=0 errors=0 DECLARATION I certify that the artifacts listed in the annexure to this certificate were collected during the response to the security incident identified above, that their cryptographic hash values were computed with e-Dex and are reproduced in the annexure, and that the verification result stated above reflects, accurately and completely, the integrity of those artifacts as against the recorded values.